Secure Controls Framework
Download The SCF

Post-Quantum Computing (PQC)

Post-quantum computing describes the point at which quantum computers become powerful enough to break the public-key cryptography that protects most of today's digital communications. The algorithms most systems rely on, such as RSA and elliptic curve cryptography, depend on math problems that a large quantum computer could solve quickly. Post-quantum cryptography (PQC), also called quantum-resistant or quantum-safe cryptography, is the new generation of algorithms built to withstand that threat.

This is not a distant problem. Sensitive data can be captured today and decrypted later once a capable quantum computer exists, and migrating cryptography across a large organization takes years. NIST finalized its first post-quantum standards in August 2024, and the SCF's Cryptographic Protections (CRY) domain gives organizations the controls to inventory their cryptography, build crypto-agility, and manage the transition.

The Basics

Why Quantum Computing Threatens Today's Encryption

Modern encryption comes in two forms. Symmetric cryptography, such as AES, is used to encrypt bulk data and is only moderately affected by quantum computing. Public-key cryptography, such as RSA and elliptic curve cryptography, is used to exchange keys and to sign data, and it is the part at serious risk. A sufficiently large quantum computer running Shor's algorithm could derive the private key from the public key, breaking the trust that secures websites, email, software updates, and financial transactions.

The most urgent concern is a strategy known as harvest now, decrypt later. An adversary records encrypted traffic today and stores it, waiting for quantum hardware to mature. Any data with a long confidentiality lifespan, such as health records, financial data, trade secrets, and government information, is already exposed to this risk even though the decryption happens years from now.

Why Act Now

The question is not whether a quantum computer will arrive on a specific date. It is whether your most sensitive data needs to stay confidential longer than it will take quantum computing to mature. For most regulated organizations, the answer is yes, which makes migration a present-day planning problem.

Standards

The NIST Post-Quantum Cryptography Standards

On August 13, 2024, NIST published its first three finalized post-quantum cryptography standards. These are the reference point for US government procurement and the anchor for global industry migration. Each was selected through a multi-year public competition.

FIPS 203 (ML-KEM)

The Module-Lattice-Based Key-Encapsulation Mechanism Standard, derived from the CRYSTALS-Kyber submission. It is the primary standard for establishing shared keys and is expected to be the general-purpose replacement for today's key-exchange methods.

Key Exchange

ML-KEM

FIPS 204 (ML-DSA)

The Module-Lattice-Based Digital Signature Standard, derived from CRYSTALS-Dilithium. It is the primary standard for digital signatures, which protect the authenticity and integrity of software, documents, and communications.

Signatures

ML-DSA

FIPS 205 (SLH-DSA)

The Stateless Hash-Based Digital Signature Standard, derived from SPHINCS+. It provides a signature scheme built on different math from ML-DSA, giving organizations a backup that does not share the same underlying assumptions.

Signatures

Hash-Based

Timelines

The Migration Clock Is Already Running

Federal guidance has set clear direction for when quantum-resistant cryptography must be in place. The NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), announced in 2022, sets 2035 as the target for national security systems to complete their transition to post-quantum algorithms, with earlier milestones for software and firmware signing. Because agencies continue to refine these dates, confirm the current milestones for your sector before building a plan around them.

Even organizations outside the federal space should treat these timelines as a floor rather than a ceiling. Cryptographic migration touches nearly every system, vendor, and protocol an organization uses, and past cryptographic transitions have taken a decade or more. Waiting for a firm deadline removes the time you need to do the work carefully.

  • Begin adopting quantum-resistant signing for firmware and software first

  • Plan to retire RSA and elliptic curve key establishment in favor of ML-KEM

  • Move digital signatures toward ML-DSA and SLH-DSA over the same period

  • Treat 2035 as the outer boundary for national security systems, not a starting gun

The SCF Approach

How the SCF Supports Quantum Readiness

Post-quantum readiness is a cryptography governance problem before it is a technology problem, and this is where the SCF fits. The Cryptographic Protections (CRY) domain covers the use of appropriate cryptographic solutions and industry-recognized key management practices to protect the confidentiality and integrity of sensitive and regulated data at rest and in transit. Those controls give you the structure to see where cryptography lives and to change it in an orderly way.

The first step in any migration is a cryptographic inventory, so you know where and how cryptography is used across your systems. From there, the goal is crypto-agility, the ability to swap cryptographic algorithms without re-engineering the systems that depend on them. Because the SCF maps its controls to frameworks such as NIST SP 800-53 through the STRM methodology, the same CRY controls that support your current compliance also become the backbone of your PQC transition.

  • A Cryptographic Protections (CRY) domain for cryptographic and key management controls

  • Support for cryptographic inventory and discovery across systems and vendors

  • A foundation for crypto-agility, so algorithms can be replaced without rebuilding systems

  • Third-Party Management (TPM) controls to hold vendors accountable for their PQC roadmaps

  • Transparent mappings to NIST and other frameworks through the NIST IR 8477 STRM methodology

Implementation

Building a Quantum-Readiness Plan

A practical PQC migration follows a repeatable path. These steps turn a broad mandate into work your teams can actually schedule.

01

Inventory Your Cryptography

Discover every place cryptography is used, including protocols, certificates, libraries, hardware, and third-party services.

02

Prioritize by Data Lifespan

Rank systems by how long their data must stay confidential and by their exposure to harvest now, decrypt later collection.

03

Build Crypto-Agility

Refactor systems so cryptographic algorithms are configurable rather than hard-coded, which shortens every future transition.

04

Engage Your Vendors

Ask suppliers for their PQC roadmaps and hold them to the same timelines through your third-party management controls.

05

Test and Migrate

Pilot the NIST-standardized algorithms, often in hybrid mode alongside current algorithms, then roll out and monitor as part of your ongoing control program.

Continue Learning

Explore Related SCF Resources

Post-quantum readiness runs on the same SCF foundation as the rest of your program. Start with these resources.

01

SCF Domains & Principles

See all 33 SCF domains, including the Cryptographic Protections domain that anchors quantum readiness.

02

Relationship Mapping (STRM)

Understand the NIST IR 8477 methodology that maps SCF controls to NIST and other frameworks.

03

NIST SP 800-53 Guidance

See how the SCF aligns with NIST SP 800-53, a core source of cryptographic control requirements.

04

Download the SCF

Get the full SCF as an Excel workbook, CSV, or OSCAL JSON. Free, with no registration required.