
ADDIE LAMARR · APRIL 2026

FORMER USAF COMSEC SPECIALIST · FORMER FBI CISO ADVISOR · NIST HIGH VALUE ASSET POLICY CONTRIBUTOR

The National Institute of Standards and Technology finalized three post-quantum cryptographic standards in 2024: FIPS 203, 204, and 205. This concluded an 8-year standardization process. For most enterprise organizations, the standards resolve one question (which algorithms to migrate to), while leaving the harder operational questions completely unaddressed.

What NIST Finalized

FIPS 203 — ML-KEM

Replaces key establishment based on RSA or elliptic curve Diffie-Hellman. Addresses HNDL (harvest now, decrypt later) exposure: asymmetric encryption protecting data in transit or at rest with long confidentiality requirements, where ciphertext recorded today can be decrypted once a quantum computer exists.

FIPS 204 — ML-DSA

Replaces RSA and ECDSA for digital signatures. Addresses trust and integrity exposure: the threat to PKI, code signing infrastructure, device identity, and certificate chains.

FIPS 205 — SLH-DSA

A second digital signature standard based on hash functions rather than lattice mathematics. A conservative backup with a fundamentally different security assumption from ML-DSA.

What the standards do not provide: a migration timeline specific to any organization, an inventory of where current cryptographic exposure lies, or a roadmap for sequencing remediation given vendor dependencies. NIST solved the algorithm selection problem. Everything else remains an organizational problem.

Two Timelines That Must Be Kept Separate

CISOs approaching PQC planning face two distinct timelines. Conflating them produces planning that is wrong for both.

THE COMPLIANCE TIMELINE

External and fixed. Regulators, frameworks, and government directives are establishing when organizations must demonstrate PQC readiness.

  • NSA CNSA 2.0: phased milestones beginning before 2030
  • BIS: dedicated quantum-readiness roadmap
  • G7 Cyber Expert Group: sector-specific PQC statement, Jan 2026
  • UK NCSC: discovery by 2028, early migration by 2031, full migration by 2035

THE ADVERSARIAL TIMELINE

Different in kind. It is the relationship between how long the most sensitive data must stay confidential (X), how long a full migration will actually take (Y), and how long until a cryptographically relevant quantum computer exists (Z), expressed as Mosca's Theorem.

If X + Y exceeds Z, action is required now, regardless of the compliance deadline.

Full explanation of Mosca's Theorem →

What CISOs Are Getting Wrong

  • Treating this as an algorithm problem

    The algorithm question is resolved. The operational problem is inventory, governance, and sequencing. Most organizations cannot answer where they use public-key cryptography across all systems and vendor dependencies at evidence-grade accuracy.

  • Assuming the inventory exists

    Cryptographic knowledge in most enterprise environments lives in network diagrams, system documentation, and institutional memory. Network diagrams do not capture vendor-managed TLS termination. System documentation does not capture what the CDN, the cloud KMS, or the identity provider is doing with key material.

  • Treating vendor dependency as someone else's problem

    The majority of enterprise cryptographic surfaces are outside organizational control: managed PKI, cloud KMS, SaaS identity providers, CDN certificate management, code signing platforms. A roadmap that treats vendor dependency as an adjacent concern will fail when it contacts the actual engineering environment.

  • Conflating HNDL with Non-HNDL risk

    These two categories have different urgency profiles, different action types, and different ownership routing. A roadmap that conflates them applies the wrong remediation logic to both.

  • Equating compliance documentation with transition governance

    A PQC compliance checklist can be produced without a functional transition plan. The organization that has documentation without an executable roadmap has not reduced quantum risk. It has produced paper that will be exposed the first time a regulator or auditor asks for the underlying program.

If any of these gaps describe your current posture, a structured conversation is the right next step.

Request an Initial Briefing →

What to Have Documented in the Next Two Quarters

  • A data longevity classification

    For the data categories with the longest required confidentiality horizons, what is the honest X? Mosca's Theorem applied to those values, with a realistic Y, determines whether the adversarial timeline is more urgent than the compliance deadline.

  • An honest cryptographic presence map

    A documented, defensible answer to: where is asymmetric encryption protecting the data categories with the highest longevity exposure? This requires examining PKI, TLS termination points, encrypted backup infrastructure, key management systems, and high-risk third-party integration points.

  • A vendor dependency snapshot

    Which cryptographic surfaces in scope are controlled by external vendors? For the highest-priority dependencies, does a documented PQC migration roadmap exist from that vendor? Is the commitment contractually enforceable?

  • A board framing document

    A memo, in business impact language, that explains organizational exposure, the HNDL and Non-HNDL risk profile, and the investment required to execute a transition program. A risk and investment memo the board can make a governance decision against.
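The data longevity classification above rests on applying Mosca's Theorem (X + Y > Z) row by row and comparing the result against the compliance deadline. The following Python is an added worked example, not material from the page or its author: it takes a constructed three-row classification, a planning assumption for Y (migration duration) and Z (years until a cryptographically relevant quantum computer), and reports, per category, whether the adversarial or the compliance timeline is the one that actually binds. It also treats HNDL and Non-HNDL rows differently, as the page's "different urgency profiles" point requires: a signature or certificate-chain surface is not retroactively broken by captured traffic, so X contributes nothing to its deadline. All category names, horizons and the Y/Z values are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCategory:
    """One row of a data longevity classification (constructed input)."""
    name: str
    x_years: int   # X: years the data must remain confidential
    hndl: bool     # protected by asymmetric encryption, so exposed to harvest-now-decrypt-later


@dataclass(frozen=True)
class Assessment:
    category: str
    adversarial_urgent: bool    # Mosca's condition: X + Y > Z
    adversarial_deadline: int   # calendar year by which migration must finish to beat the CRQC
    compliance_deadline: int
    past_due: bool              # adversarial deadline already behind us (data already collectable)
    binding: str                # "adversarial" or "compliance", whichever comes first


def mosca_assess(cat: DataCategory, y_years: int, z_years: int,
                 start_year: int, compliance_deadline: int) -> Assessment:
    # HNDL-exposed ciphertext captured in year T must stay secret until T + X.
    # A CRQC arriving at start + Z breaks every such ciphertext with T + X > start + Z,
    # so migration has to finish by start + Z - X. Non-HNDL surfaces (signatures,
    # certificate chains) only fail once the CRQC exists, so X is treated as 0.
    effective_x = cat.x_years if cat.hndl else 0
    adversarial_deadline = start_year + z_years - effective_x
    # X + Y > Z is equivalent to "migration finishes (start + Y) after the adversarial deadline".
    urgent = effective_x + y_years > z_years
    binding = "adversarial" if adversarial_deadline < compliance_deadline else "compliance"
    return Assessment(cat.name, urgent, adversarial_deadline, compliance_deadline,
                      adversarial_deadline < start_year, binding)


def prioritize(categories, y_years, z_years, start_year, compliance_deadline):
    """Assess every row and order by the earliest deadline that binds it."""
    results = [mosca_assess(c, y_years, z_years, start_year, compliance_deadline)
               for c in categories]
    return sorted(results, key=lambda a: (min(a.adversarial_deadline, a.compliance_deadline),
                                          a.category))


# Constructed sample inputs: a three-row classification and planning assumptions.
SAMPLE_CATEGORIES = [
    DataCategory("customer health records", x_years=25, hndl=True),
    DataCategory("quarterly financial filings", x_years=3, hndl=True),
    DataCategory("code signing chain", x_years=15, hndl=False),
]
SAMPLE_Y = 6              # assumed realistic migration duration, years
SAMPLE_Z = 10             # assumed years until a CRQC (planning assumption, not a prediction)
SAMPLE_START = 2026
SAMPLE_COMPLIANCE = 2035  # e.g. the UK NCSC full-migration milestone cited above

if __name__ == "__main__":
    for a in prioritize(SAMPLE_CATEGORIES, SAMPLE_Y, SAMPLE_Z, SAMPLE_START, SAMPLE_COMPLIANCE):
        print(f"{a.category:28} urgent={str(a.adversarial_urgent):5} "
              f"adversarial={a.adversarial_deadline} compliance={a.compliance_deadline} "
              f"past_due={str(a.past_due):5} binding={a.binding}")
```

With these assumptions the health-records row comes out past due (its adversarial deadline is 2011, i.e. traffic captured today is already within its confidentiality horizon when the assumed CRQC arrives), the financial-filings row is driven by the adversarial deadline of 2033 rather than the 2035 compliance date even though Mosca's condition is not met, and the code signing chain is governed only by the compliance deadline. Changing Z is the first thing a reader should try: the ordering is stable, but which rows become past due is very sensitive to it.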

What the Board Will Ask

Enterprise boards are increasingly raising these questions in audit, risk, and technology committee settings:

  • "Is our data already in a collection pool?"
  • "What is our timeline relative to the adversarial timeline, beyond the regulatory deadline?"
  • "Who owns this internally, and at what level of authority?"
  • "What would a transition program cost, and over what period?"
  • "What is the regulatory exposure if we do not address this?"
  • "What are our critical vendors doing, and how do we verify it?"

A CISO who cannot answer these questions with documented evidence is in a governance gap. That gap is becoming visible in regulatory examinations and board risk conversations at an accelerating rate.

If this is the framing the board or regulator has been using, a structured conversation is the right next step.

Request an Initial Briefing

30 minutes · mutual qualification