Deep Dive Series

CNSA 2.0: Inside NSA’s Post-Quantum Requirements

The NSA’s Commercial National Security Algorithm Suite 2.0 is the most operationally specific post-quantum cryptography mandate in the world. It names the exact algorithms, specifies the exact parameter levels, and sets hard deadlines by system category — starting with a procurement gate in January 2027 that turns PQC from a planning exercise into a pass-fail acquisition requirement. With defense acquisition cycles running 18 to 36 months, systems being designed today will be delivered after the deadline. The planning window is already behind us for many programs.

This Deep Dive series breaks CNSA 2.0 apart from the inside out — starting with the complete algorithm and timeline reference, then examining the 2027 procurement gate that most organizations are underestimating, before mapping the growing divergence between national PQC requirements around the world. It then turns to the people who must actually implement this: the defense industrial base facing a compound compliance squeeze, financial services organizations adopting CNSA 2.0 as a voluntary benchmark, and the cryptographic choices NSA made — and didn’t make — that reveal how they think about lattice security and the road ahead.

 

Related Resources

PQC Migration Framework

Whether you’re migrating to satisfy CNSA 2.0, NIST guidelines, or your organization’s own risk assessment, the underlying process is the same: inventory your cryptography, assess the risk, select algorithms, pilot hybrid deployments, and migrate. The open-source PQC Migration Framework at pqcframework.com provides the structured methodology — from defense contractors implementing CNSA 2.0 to financial institutions voluntarily adopting its algorithm choices.

For the broader organizational readiness question — how to brief a board, build the business case, and staff the program — see Quantum Ready, the forthcoming practitioner’s guide to quantum readiness.

  • CNSA 2.0 NSA Post-Quantum PQC

    The definitive vendor-neutral reference to NSA's Commercial National Security Algorithm Suite 2.0 — the most operationally specific post-quantum cryptography mandate in the world. This guide breaks down every component of CNSA 2.0 in one place: the complete algorithm suite with NIST standard names and FIPS references (ML-KEM-1024, ML-DSA-87, AES-256, SHA-384/512, LMS, XMSS), why NSA mandates only the highest parameter levels, the full category-by-category transition timeline from the January 2027 procurement gate through 2033 legacy phase-out, the enforcement mechanics that give each deadline teeth (NIAP validation, CMVP certification, RMF integration, the waiver process), and the exclusions that reveal NSA's strategic thinking — why SLH-DSA was left out, why FN-DSA will not be added, why HashML-DSA is prohibited, and what these choices signal about NSA's confidence in lattice cryptography. The guide also maps how CNSA 2.0 relates to NIST's broader PQC standards, the policy stack it sits within (CNSSP 15, NSM-10, EO 14144), and why CNSA 2.0's influence increasingly extends beyond National Security Systems into defense contracting, financial services, and allied nation procurement. Whether you are a CISO assessing your organization's exposure, a vendor determining whether your products meet the requirement, or a program manager writing acquisition documents for systems that will deliver after the 2027 gate, this is the single reference designed to answer every CNSA 2.0 question without the vendor pitch.
