Executive Summary
In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and regularly updating the below lists to aid in post-quantum cryptography (PQC) adoption. The lists include hardware and software categories with example types of widely available products that use PQC standards to protect sensitive information.1 The lists focus on categories of available products, typically acquired by the federal government, that utilize cryptographic algorithms. Because PQC-capable products are widely available in the listed categories, organizations should acquire only PQC-capable products when planning acquisitions and procuring products in these categories.
Introduction
Purpose
The lists below are CISA’s response to Executive Order (EO) 14306, which instructed:
By December 1, 2025, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in consultation with the Director of the National Security Agency, shall release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography (PQC) are widely available.
When a particular category offers widely available PQC-capable products, organizations should plan acquisitions to procure only PQC-capable products from that category.
Scope and Definitions
The scope of the lists below includes categories of hardware and software products that are—or are anticipated to be—widely available and use PQC standards.
Note: “Widely available” describes products that are generally available in the marketplace, and agencies can acquire them in accordance with their typical procurement policies and procedures.
The categories cover hardware and software products that apply PQC standards for encryption and authentication through the following cryptographic functions:
- Key establishment:2 A function in the lifecycle of keying material; the process by which cryptographic keys are securely established among cryp
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: