The Basics
Why Quantum Computing Threatens Today's Encryption
Modern encryption comes in two forms. Symmetric cryptography, such as AES, is used to encrypt bulk data and is only moderately affected by quantum computing. Public-key cryptography, such as RSA and elliptic curve cryptography, is used to exchange keys and to sign data, and it is the part at serious risk. A sufficiently large quantum computer running Shor's algorithm could derive the private key from the public key, breaking the trust that secures websites, email, software updates, and financial transactions.
The most urgent concern is a strategy known as harvest now, decrypt later. An adversary records encrypted traffic today and stores it, waiting for quantum hardware to mature. Any data with a long confidentiality lifespan, such as health records, financial data, trade secrets, and government information, is already exposed to this risk even though the decryption happens years from now.
Why Act Now
The question is not whether a quantum computer will arrive on a specific date. It is whether your most sensitive data needs to stay confidential longer than it will take quantum computing to mature. For most regulated organizations, the answer is yes, which makes migration a present-day planning problem.
Standards
The NIST Post-Quantum Cryptography Standards
On August 13, 2024, NIST published its first three finalized post-quantum cryptography standards. These are the reference point for US government procurement and the anchor for global industry migration. Each was selected through a multi-year public competition.
FIPS 203 (ML-KEM)
The Module-Lattice-Based Key-Encapsulation Mechanism Standard, derived from the CRYSTALS-Kyber submission. It is the primary standard for establishing shared keys and is expected to be the general-purpose replacement for today's key-exchange methods.
FIPS 204 (ML-DSA)
The Module-Lattice-Based Digital Signature Standard, derived from CRYSTALS-Dilithium. It is the primary standard for digital signatures, which protect the authenticity and integrity of software, documents, and communications.
FIPS 205 (SLH-DSA)
The Stateless Hash-Based Digital Signature Standard, derived from SPHINCS+. It provides a signature scheme built on different math from ML-DSA, giving organizations a backup that does not share the same underlying assumptions.
Timelines
The Migration Clock Is Already Running
Federal guidance has set clear direction for when quantum-resistant cryptography must be in place. The NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), announced in 2022, sets 2035 as the target for national security systems to complete their transition to post-quantum algorithms, with earlier milestones for software and firmware signing. Because agencies continue to refine these dates, confirm the current milestones for your sector before building a plan around them.
Even organizations outside the federal space should treat these timelines as a floor rather than a ceiling. Cryptographic migration touches nearly every system, vendor, and protocol an organization uses, and past cryptographic transitions have taken a decade or more. Waiting for a firm deadline removes the time you need to do the work carefully.
Begin adopting quantum-resistant signing for firmware and software first
Plan to retire RSA and elliptic curve key establishment in favor of ML-KEM
Move digital signatures toward ML-DSA and SLH-DSA over the same period
Treat 2035 as the outer boundary for national security systems, not a starting gun
The SCF Approach
How the SCF Supports Quantum Readiness
Post-quantum readiness is a cryptography governance problem before it is a technology problem, and this is where the SCF fits. The Cryptographic Protections (CRY) domain covers the use of appropriate cryptographic solutions and industry-recognized key management practices to protect the confidentiality and integrity of sensitive and regulated data at rest and in transit. Those controls give you the structure to see where cryptography lives and to change it in an orderly way.
The first step in any migration is a cryptographic inventory, so you know where and how cryptography is used across your systems. From there, the goal is crypto-agility, the ability to swap cryptographic algorithms without re-engineering the systems that depend on them. Because the SCF maps its controls to frameworks such as NIST SP 800-53 through the STRM methodology, the same CRY controls that support your current compliance also become the backbone of your PQC transition.
A Cryptographic Protections (CRY) domain for cryptographic and key management controls
Support for cryptographic inventory and discovery across systems and vendors
A foundation for crypto-agility, so algorithms can be replaced without rebuilding systems
Third-Party Management (TPM) controls to hold vendors accountable for their PQC roadmaps
Transparent mappings to NIST and other frameworks through the NIST IR 8477 STRM methodology
Implementation
Building a Quantum-Readiness Plan
A practical PQC migration follows a repeatable path. These steps turn a broad mandate into work your teams can actually schedule.
01
Inventory Your Cryptography
Discover every place cryptography is used, including protocols, certificates, libraries, hardware, and third-party services.
02
Prioritize by Data Lifespan
Rank systems by how long their data must stay confidential and by their exposure to harvest now, decrypt later collection.
03
Build Crypto-Agility
Refactor systems so cryptographic algorithms are configurable rather than hard-coded, which shortens every future transition.
04
Engage Your Vendors
Ask suppliers for their PQC roadmaps and hold them to the same timelines through your third-party management controls.
05
Test and Migrate
Pilot the NIST-standardized algorithms, often in hybrid mode alongside current algorithms, then roll out and monitor as part of your ongoing control program.
Continue Learning
Explore Related SCF Resources
Post-quantum readiness runs on the same SCF foundation as the rest of your program. Start with these resources.
01
SCF Domains & Principles
See all 33 SCF domains, including the Cryptographic Protections domain that anchors quantum readiness.
02
Relationship Mapping (STRM)
Understand the NIST IR 8477 methodology that maps SCF controls to NIST and other frameworks.
03
NIST SP 800-53 Guidance
See how the SCF aligns with NIST SP 800-53, a core source of cryptographic control requirements.
04
Download the SCF
Get the full SCF as an Excel workbook, CSV, or OSCAL JSON. Free, with no registration required.
.png)

%20(white).png)