up:: The Mandates MOC
CISA Post-Quantum Cryptography Initiative
The CISA Post-Quantum Cryptography Initiative is the U.S. federal civilian government’s coordination hub for the post-quantum migration, run by the Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security to drive the transition across civilian agencies and critical infrastructure. CISA announced it on July 6, 2022 to “unify and drive efforts with interagency and industry partners to address threats posed by quantum computing and to support critical infrastructure and government network owners and operators during the transition to post-quantum cryptography.”
It’s coordination and guidance rather than a regulation. It’s the body that produces the practical factsheets, roadmaps, and product lists that operationalize the binding federal PQC directives (NSM-10, OMB M-23-02, and the executive orders that follow them), and it’s the place a critical-infrastructure operator can look when the policy documents say “migrate” but never say how.
Source: CISA, “CISA Announces Post-Quantum Cryptography Initiative,” July 6, 2022; CISA Post-Quantum Cryptography Initiative program page.
The short version:
- CISA is the U.S. lead agency for civilian-branch and critical-infrastructure cybersecurity, and the Initiative is its post-quantum coordination effort, announced July 6, 2022.
- It’s coordination and guidance, not a regulation. It operationalizes the binding directives (NSM-10, OMB M-23-02, Executive Order 14306, Executive Order 14412) rather than issuing deadlines of its own.
- Its most-cited output is the NIST joint guidance “Quantum-Readiness: Migration to Post-Quantum Cryptography” (August 21, 2023), which tells organizations to build a roadmap, stand up a cryptographic inventory, assess their supply chain, and engage their vendors.
- CISA also assesses quantum risk across the 55 National Critical Functions, runs a Quantum-Readiness Working Group, and published the Executive Order 14306 product-categories list of technology classes that already ship post-quantum options.
- For an operator with no statute binding it directly, CISA’s guidance is the practical starting line, because it’s the government’s own stated sequence and the framing that sector regulators recognize.
Think of the federal PQC effort as one large construction project. NIST is the code office writing the specifications for what’s safe to build with, the new FIPS standards. NSA enforces the code on the military’s own buildings, the national-security systems. CISA is the general contractor for everything civilian: it doesn’t write the specifications or pour the concrete, but it hands operators the order of work, survey the site, take inventory, check your suppliers, and keeps the civilian side of the project moving toward the deadline.
What is the CISA Post-Quantum Cryptography Initiative?
The CISA Post-Quantum Cryptography Initiative is a coordination and guidance program that unifies interagency and industry efforts to prepare U.S. civilian government and critical-infrastructure systems for the arrival of a cryptographically relevant quantum computer. CISA is the operational lead for civilian-executive-branch and critical-infrastructure cybersecurity, so the Initiative is the natural home for the civilian side of the post-quantum transition, sitting alongside the standards work at NIST and the national-security-systems work at NSA.
A few things about its standing are worth stating plainly, because they change how you use it:
- It’s a hub, not a rule. The Initiative coordinates and publishes; it doesn’t issue a binding requirement on its own authority. Its outputs range from informational guidance (factsheets, roadmaps) to buyer-facing references (the product-categories list) to deliverables that executive orders direct CISA to produce.
- Its force is borrowed from the mandates it serves. The Initiative’s own guidance is advisory. It becomes binding where it operationalizes a directive, and the OMB M-23-02 inventory obligation and the executive-order taskings are where the “must” actually lives.
- Its reach runs past the federal government. Federal civilian agencies follow it as a compliance-adjacent expectation. Because national and sector regulators, insurers, and procurement programs align to the federal lead, CISA’s framing becomes a de facto reference even for organizations that never touch a federal contract.
Source: CISA Post-Quantum Cryptography Initiative program page; CISA, “Quantum,” Risk Management topic.
Who does the CISA PQC Initiative apply to?
The Initiative reaches everyone the federal government wants moving on post-quantum cryptography, but its direct authority runs to civilian agencies and its support runs to critical infrastructure. The five audiences it addresses:
- Federal civilian executive-branch agencies. The primary audience. CISA coordinates their quantum-readiness work and is a coordinating body for parts of the OMB M-23-02 cryptographic-inventory effort.
- Critical-infrastructure owners and operators. The Initiative’s stated support target. CISA assesses quantum risk across the 55 National Critical Functions and works through the Sector Risk Management Agencies to help operators plan their transition.
- Technology vendors. Addressed as participants. CISA guidance describes vendor responsibilities and directs organizations to ask vendors about their PQC roadmaps; the product-categories list is a buyer-facing map of which technology classes already have post-quantum options.
- National Security Systems. Out of scope for CISA. NSS run under NSA CNSA 2.0 and NSA authority. An organization that touches both worlds tracks both authorities.
- The commercial sector generally. Not regulated by the Initiative, but the guidance is a widely-used public reference, and CISA’s framing frequently propagates into the sector regulators that follow the federal lead.
Source: CISA Post-Quantum Cryptography Initiative program page.
What does the CISA PQC Initiative actually do?
The Initiative coordinates, publishes practical guidance, assesses critical-infrastructure risk, and executes specific executive-order taskings. Its main lines of work:
- Coordination and the Quantum-Readiness Working Group. It unifies interagency and industry efforts and runs a Quantum-Readiness Working Group as the venue for that coordination, building on prior DHS work and complementing the standards effort at NIST and the national-security effort at NSA.
- The Quantum-Readiness guidance. The foundational output is the NIST factsheet described in the next section, the document most organizations point to first.
- National Critical Functions risk assessment. CISA assesses quantum vulnerability across the 55 National Critical Functions to find where transition work is already underway, where the greatest risk sits, and what may need federal support.
- The product-categories list. Under Executive Order 14306 §2(d)(i), CISA (in consultation with NSA) published “Product Categories for Technologies That Use Post-Quantum Cryptography Standards” on January 23, 2026, identifying technology classes (including cloud services, web software, networking hardware and software, and endpoint security) that are either widely available with PQC support or transitioning toward it. [OPERATOR VERIFY the exact tier names and category counts against the live CISA resource page before quoting them in a deliverable.]
- The CBOM minimum-elements tasking. Under Executive Order 14412 §5(d), CISA (with NIST) is directed to publish guidance on the minimum elements of a CBOM, which is the first time a CBOM is written into a federal directive with a deliverable and a date.
Source: CISA Post-Quantum Cryptography Initiative program page; CISA, “CISA Releases Product Categories List… Pursuant to Executive Order 14306,” January 23, 2026.
What is the CISA/NSA/NIST Quantum-Readiness guidance?
The Quantum-Readiness factsheet is the joint CISA/NSA/NIST publication “Quantum-Readiness: Migration to Post-Quantum Cryptography,” released August 21, 2023, and it’s the single most-cited product of the Initiative. It urges all organizations, especially those supporting critical infrastructure, to begin migration planning early, and it lays out a recommended sequence:
- Establish a Quantum-Readiness Roadmap with named ownership.
- Prepare a cryptographic inventory that identifies where and how public-key cryptography is used across the estate.
- Assess supply-chain exposure to quantum-vulnerable cryptography in third-party and vendor components.
- Engage technology vendors about their post-quantum transition plans.
- Understand vendor responsibilities in the migration, so the burden that belongs to a supplier is tracked as the supplier’s.
That ordering is the practical spine of the whole Initiative. Every later obligation, the OMB M-23-02 inventory reporting, the executive-order transition planning, a future CBOM, assumes an organization already has a roadmap and an inventory underneath it. The inventory step is the one organizations most consistently underscope, because CISA’s version asks for every use of public-key cryptography including firmware, embedded, and third-party components, well beyond the obvious TLS endpoints.
Source: CISA/NSA/NIST, “Quantum-Readiness: Migration to Post-Quantum Cryptography,” August 21, 2023 (PDF); CISA alert, August 21, 2023.
What is the CISA PQC timeline of deliverables?
The Initiative is an ongoing program, but several of its outputs carry firm dates. This is the table that shows how the coordination work has turned into concrete deliverables over time:
| Date | Deliverable | What it is |
|---|---|---|
| July 6, 2022 | Initiative announced | CISA establishes the Post-Quantum Cryptography Initiative |
| August 21, 2023 | Joint guidance | CISA/NSA/NIST “Quantum-Readiness: Migration to Post-Quantum Cryptography” published |
| January 23, 2026 | Product-categories list | CISA publishes the EO 14306 §2(d)(i) list of technology categories with PQC-capable products, updated regularly thereafter |
| Within 270 days of June 22, 2026 | CBOM minimum elements | CISA, with NIST, directed to release CBOM minimum-elements guidance per EO 14412 §5(d) [OPERATOR VERIFY the precise due date and whether it has published] |
| Ongoing | Working group and NCF risk assessment | Quantum-Readiness Working Group; quantum-risk assessment across the 55 National Critical Functions |
Source: CISA Announces Post-Quantum Cryptography Initiative, July 6, 2022; CISA/NSA/NIST factsheet, August 21, 2023; CISA product-categories list release, January 23, 2026; Executive Order 14412, 91 FR 38483.
How does the Initiative relate to the standards and the other mandates?
The Initiative is the civilian-side operational layer beneath the federal policy stack. It doesn’t set standards or algorithm deadlines; it takes the policy and the standards and turns them into a sequence civilian agencies and infrastructure operators can act on. Here’s who does what in the U.S. federal PQC effort:
| Body / document | Role | Relationship to CISA |
|---|---|---|
| NSM-10 (May 2022) | The top-level federal PQC policy directive and the 2035 mitigation goal | The Initiative operationalizes NSM-10’s intent on the civilian and critical-infrastructure side |
| OMB M-23-02 (November 2022) | The binding civilian cryptographic-inventory directive | CISA is a coordinating body for parts of the inventory effort; the factsheet’s inventory step supports compliance |
| Executive Order 14306 (2025) | Directs the PQC product-categories list and TLS 1.3 timelines | CISA (with NSA) published the list on January 23, 2026 |
| Executive Order 14412 (June 2026) | Directs critical-infrastructure assistance and CBOM guidance | CISA assists via Sector Risk Management Agencies (§5(a)) and must publish CBOM minimum elements (§5(d)) |
| NSA CNSA 2.0 | Governs National Security Systems | Outside CISA’s remit; NSA co-authors the joint quantum-readiness guidance |
| NIST IR 8547 and the FIPS suite | The algorithm standards and the deprecation timeline | CISA points organizations to these; NIST co-authors the guidance and coordinates on CBOM elements |
The division worth remembering: NIST decides what the safe algorithms are and when the old ones expire (NIST IR 8547 carries the RSA, ECDSA, and ECDH deprecation dates, not CISA). NSA governs national-security systems. CISA takes all of that and answers the civilian operator’s real question, “so what do I actually do first.”
Source: CISA Post-Quantum Cryptography Initiative program page; CISA/NSA/NIST factsheet, August 21, 2023.
Which algorithms does CISA point organizations toward?
CISA doesn’t set its own algorithm parameters, and it doesn’t deprecate or prohibit any algorithm itself. It points organizations to the NIST FIPS suite and helps them find products that implement it:
- Key establishment. The target is ML-KEM (FIPS 203). CISA guidance and the product-categories list steer organizations toward technologies that implement it.
- Digital signatures. The targets are ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), with stateful hash-based signatures (SP 800-208) for firmware and code signing.
- Symmetric and hash. AES and the SHA-2 and SHA-3 families stay in place under existing NIST guidance; the migration focus is the asymmetric layer.
The deprecation clock for the quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, Diffie-Hellman (DH)) lives in NIST IR 8547, not in CISA guidance. The closest the Initiative comes to algorithm specificity is the product-categories list, which points buyers to product classes that implement FIPS 203, FIPS 204, or FIPS 205.
Source: CISA/NSA/NIST factsheet, August 21, 2023; NIST IR 8547 ipd.
How should critical-infrastructure operators use the Initiative?
For a critical-infrastructure operator that no statute binds directly, CISA’s guidance is the practical starting point, and there are three reasons it’s the right one to reach for first. It’s the government’s own stated sequence, so following it is defensible; it’s the framing a sector regulator will recognize, so it travels well; and it’s calibrated to the harvest-now-decrypt-later problem, which is the part of the threat that’s live today regardless of when a quantum computer arrives.
The Initiative is deliberately front-loaded on the “act now” side. It pushes the roadmap and the cryptographic inventory ahead of the binding migration deadlines precisely because inventory takes far longer than teams expect, and because encrypted traffic being recorded today can be decrypted later once a capable quantum computer exists. An operator that reads the joint guidance, stands up a roadmap with real ownership, and begins the inventory is doing the two things every later federal obligation assumes are already done, and it’s doing them in the order the government itself recommends. The urgency doesn’t come from CISA’s advisory status; it comes from the binding mandates the guidance operationalizes and from an organization’s own data-retention exposure.
Source: CISA Post-Quantum Cryptography Initiative program page; CISA/NSA/NIST factsheet, August 21, 2023.
Common misconceptions
- “CISA’s guidance is mandatory.” The Initiative’s own guidance is advisory. Its binding force is borrowed from the directives it operationalizes, the OMB M-23-02 inventory obligation and the Executive Order 14306 and Executive Order 14412 taskings.
- “CISA covers national-security systems too.” It doesn’t. National Security Systems run under NSA CNSA 2.0 and NSA authority. CISA coordinates the civilian and critical-infrastructure side.
- “The product-categories list is a procurement mandate.” Executive Order 14306 specifically removed the procurement-trigger language, so inclusion on the list is a buyer reference, and a vendor shouldn’t market list inclusion as a federal purchasing requirement.
- “CISA sets the algorithm deprecation dates.” The 2030 and 2035 deprecation timelines for RSA, ECDSA, and ECDH live in NIST IR 8547, not in CISA guidance.
- “The Initiative only matters to federal agencies.” Directly it addresses civilian agencies, their vendors, and critical-infrastructure operators. In practice its framing reaches commercial organizations through sector regulators, insurers, and procurement requirements that reference the federal lead.
- “The factsheet is optional reading, so it can wait.” The factsheet is the connective tissue between the mandates. Organizations that skip it tend to find their inventory and transition planning has no roadmap underneath it.
Questions people ask
Is CISA’s PQC guidance law, or just advice? The Initiative’s guidance is advisory recommended practice. It becomes binding only where it carries out a mandate, such as the parts of the OMB M-23-02 inventory effort CISA coordinates or the deliverables the executive orders direct CISA to produce. The urgency behind following it comes from those mandates and from harvest-now-decrypt-later exposure, not from the guidance’s own legal weight.
Does the Initiative apply to my company if I’m not a federal agency? Not as a regulation. If you operate critical infrastructure, CISA is your stated support channel through the Sector Risk Management Agencies. If you’re a general commercial organization, the guidance is a public reference you can adopt, and its framing often reaches you anyway through sector regulators and through the procurement requirements of customers who do have to comply.
What’s the first thing CISA says to do? Read the joint “Quantum-Readiness” guidance and stand up a Quantum-Readiness Roadmap with named ownership, then build a cryptographic inventory of every place public-key cryptography is used. That inventory is the shared foundation for OMB M-23-02 reporting, executive-order transition planning, and any future CBOM.
What is the Quantum-Readiness Working Group? It’s the interagency-and-industry venue CISA runs to coordinate the transition, the forum where the Initiative’s unifying work happens. CISA names it as an activity of the Initiative. [OPERATOR VERIFY the current membership and charter details against a primary CISA source before describing them.]
Does CISA tell me which products to buy? No. The Executive Order 14306 product-categories list identifies technology classes that already have post-quantum-capable products, as a buyer reference. It was explicitly written without procurement-trigger language, so it’s a map of where the market is, not a purchasing rule.
How is CISA different from NIST and NSA on post-quantum? NIST writes the algorithm standards and the deprecation timeline. NSA governs national-security systems. CISA is the civilian coordinator that takes the standards and the policy and turns them into a practical sequence for federal civilian agencies and critical-infrastructure operators. The three co-author the Quantum-Readiness guidance together.
Why does CISA lead with a cryptographic inventory? Because you can’t plan a migration for cryptography you can’t see, and most organizations have never inventoried theirs at the algorithm level. CISA’s inventory step asks for every use of public-key cryptography including firmware, embedded systems, and third-party components, which is a much wider net than the TLS endpoints teams usually think of first.
Is there a hard CISA deadline I have to hit? The Initiative itself doesn’t set migration deadlines. The binding dates come from the mandates it supports, and CISA’s own directed deliverables carry dates, such as the Executive Order 14412 §5(d) tasking to publish CBOM minimum elements within 270 days of June 22, 2026. [OPERATOR VERIFY whether that guidance has published and its precise due date before relying on it.]
Everything here is the map, given freely. When your team needs CISA’s guidance translated into a migration sequenced against your own systems and your own regulators, that’s what an alignment briefing is for.
Last verified 2026-07-09 · Maintained by Addie LaMarr, LaMarr Labs.