NIST Releases NIST CSWP 48 IPD – Mapping of Migration to PQC Project to NIST CSF 2.0

Sep 2025 – NIST has just released the initial public draft of CSWP 48, part of its Migration to Post-Quantum Cryptography project: “Mappings of Migration to PQC Project Capabilities to NIST Cybersecurity Framework 2.0 and to Security and Privacy Controls for Information Systems and Organizations.”
The project is here: Migration to Post-Quantum Cryptography, and the actual document [PDF] is here: Mappings of Migration to PQC Project Capabilities to NIST Cybersecurity Framework 2.0 and to Security and Privacy Controls for Information Systems and Organizations.
This is the first in a series of implementation-focused white papers under the Migration to PQC initiative. It follows the excellent second public draft of CSWP 39 (Considerations for Achieving Crypto Agility), which was released in August. Together, these documents form a growing body of practical guidance from NIST helping organizations prepare for the transition to post-quantum cryptography.
CSWP 48 maps the real-world capabilities demonstrated in NIST NCCoE’s PQC migration lab environment – like cryptographic asset discovery, algorithm interoperability, and inventory management – to familiar risk frameworks: NIST Cybersecurity Framework 2.0 and SP 800-53.
If you’re planning your PQC migration (and you should be), you need a way to integrate cryptographic modernization into your existing cybersecurity, risk management, and compliance processes. This document can help you with that.
It shows:
- How core functions like crypto discovery and inventory align with CSF outcomes and SP 800-53 controls
- Which foundational governance and control practices should be in place before implementing PQC tools
- Where new PQC-focused activities support broader cybersecurity goals, not just crypto modernization
The public comment period is open through October 20, 2025. Consider contributing if you are in the industry. Our team at Applied Quantum has already completed our review and drafted our comments submission.
In short: it’s a strong initial draft. We did suggest a few areas for future expansion, such as tighter integration with supply chain management and enterprise risk strategy, but overall, this paper is already useful if you’re getting started with crypto inventory, discovery, or roadmap planning.
This is exactly the kind of structured, implementation-ready guidance the community needs as we move closer to a post-quantum future.