NIST Post-Quantum Cryptography Standards: A CIO/CISO Guide
What NIST published
In August 2024, the U.S. National Institute of Standards and Technology (NIST) published the first finalised post-quantum cryptography standards after an eight-year global competition. A fourth standard — FN-DSA (Falcon), expected as FIPS 206 — is on track for 2026.
| Standard | Algorithm | Purpose | Replaces |
|---|---|---|---|
| FIPS 203 | ML-KEM (CRYSTALS-Kyber) | Key encapsulation | RSA-OAEP, ECDH |
| FIPS 204 | ML-DSA (CRYSTALS-Dilithium) | Digital signatures | RSA, ECDSA |
| FIPS 205 | SLH-DSA (SPHINCS+) | Hash-based signatures (backup) | Long-lived signatures |
| FIPS 206 (draft) | FN-DSA (Falcon) | Compact signatures | ECDSA in bandwidth-limited use |
Why this matters now — "harvest now, decrypt later"
Adversaries are already recording encrypted traffic — TLS sessions, VPN tunnels, backup archives — with the expectation of decrypting it once a fault-tolerant quantum computer is available. Any data that must remain confidential beyond 2030 is at risk today. This is the core reason regulators (NSA CNSA 2.0, ANSSI, BSI, MAS, RBI) have moved from "monitor" to "act now" language.
The five-phase PQC migration
1. Cryptographic inventory (0–3 months)
You cannot migrate what you cannot see. Enumerate every use of RSA, ECDH, ECDSA and DSA across TLS endpoints, HSMs, code-signing pipelines, firmware, VPNs, databases and third-party SaaS.
2. Harvest-now-decrypt-later risk model (2–4 months)
Classify data by confidentiality half-life. Anything sensitive beyond 2030 is high-priority; short-lived session data can wait.
3. HSM / KMS upgrade (3–6 months)
Confirm hardware supports ML-KEM and ML-DSA in firmware. Most FIPS 140-3 Level 3 vendors shipped PQC-capable firmware in 2025.
4. Hybrid TLS rollout (6–12 months)
Deploy hybrid X25519+ML-KEM ciphersuites. Chrome, Cloudflare, AWS and Google already support them. Hybrid preserves classical compliance while adding quantum resistance.
5. Full PQC + supply-chain assurance (12–24 months)
Migrate signatures (code, firmware, documents) to ML-DSA. Require PQC evidence in vendor SBOMs.
Get a free PQC readiness assessment
JAQL runs the five-phase rollout inside your own systems in 90–180 days — with a regulator-ready audit trail at every step.
Book a 30-min PQC readiness call →Regulatory timelines you cannot miss
- NSA CNSA 2.0 — U.S. national security systems: PQC-only by 2033, new systems PQC by 2027.
- ANSSI (France) — hybrid mandatory for high-sensitivity systems from 2026.
- BSI (Germany) — PQC recommended for all new procurement 2026.
- MAS (Singapore) — advisory to financial institutions to begin inventory 2025.
- RBI (India) — cyber-resilience framework references quantum-safe roadmaps.
Common pitfalls
- Skipping inventory. Every failed PQC programme skipped inventory and tried to migrate top-down.
- Assuming vendor SaaS is handled. Ask for PQC roadmaps in writing.
- Ignoring signatures. Code-signing keys have 10-year lifetimes — they need PQC first, not last.
- Treating PQC as an IT project. It is a governance programme; boards need quarterly reporting.
Frequently asked questions
What are the NIST PQC standards?
FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and the forthcoming FIPS 206 (FN-DSA / Falcon).
Do I need to migrate if I already use AES-256?
Symmetric ciphers (AES-256, SHA-384) are considered quantum-safe with adequate key sizes. The urgent migration is for public-key algorithms — RSA, ECDH, ECDSA.
What is a hybrid PQC deployment?
Running a classical algorithm and a PQC algorithm in parallel and combining both shared secrets. Preserves compliance during transition.
How long does a PQC migration take?
12–24 months for a mid-sized enterprise; 24–36 months for a large regulated bank.
Is PQC quantum-proof forever?
No cryptography is provably forever-secure. ML-KEM and ML-DSA are based on lattice problems believed hard for both classical and quantum computers today; SLH-DSA is a hash-based backup in case lattice assumptions weaken.
Ready to start your PQC inventory?
Talk to JAQL's field engineering team. We deliver a scoped inventory and prioritised migration plan in 30 days.
Get started → See our PQC service →← All Learn topics · Post-quantum security explained · Research index
Published by Jumpstart AI and Quantum Labs. Co-founders: Dr. Nupur Mukherjee (Chief Science Officer) and Kishan Sathyan (Chief GTM Officer). JAQL technology is quantum-inspired and runs on classical infrastructure.