CISA’s “Quantum-Readiness” Fact Sheet: A Call to Prepare for Post-Quantum Cryptography

22 Aug 2023 – The Cybersecurity and Infrastructure Security Agency (CISA) together with the NSA and NIST released a joint cybersecurity factsheet titled “Quantum-Readiness: Migration to Post-Quantum Cryptography.” This document was created to inform organizations – “especially those that support Critical Infrastructure” – about the looming impact of quantum computing on today’s encryption, and to “encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap”.

In other words, U.S. cyber authorities are urging executives and security leaders to start preparing now for a world where quantum computers can break our current public-key cryptography.

Why prepare now? Because transitioning an entire enterprise to quantum-safe systems will be a long and complex effort. As the factsheet notes, a successful migration to post-quantum cryptography “will take time to plan and conduct,” so waiting until quantum attacks are imminent could be too late. CISA, NSA, and NIST “urge organizations to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors”. The urgency behind this guidance is underscored by the threat of “harvest now, decrypt later” operations, where adversaries steal sensitive encrypted data today in hopes of decrypting it tomorrow with quantum capabilities. In effect, any data with a long secrecy lifetime – from critical infrastructure blueprints to personal medical records or state secrets – could be at risk if stolen now and decrypted years from now by a powerful quantum computer (often termed a CRQC, or cryptanalytically relevant quantum computer).

Many of the cryptographic systems we rely on (RSA, Diffie-Hellman, elliptic-curve algorithms, etc.) will need to be “updated, replaced, or significantly altered” to quantum-resistant alternatives to defend against this future threat. The bottom line for security leaders is clear: we must begin the post-quantum migration planning immediately, well before large-scale quantum attacks materialize.

Establish a Quantum-Readiness Roadmap

How should organizations start? The first recommendation in the new CISA/NSA/NIST guidance is to establish a formal quantum-readiness roadmap for your enterprise. Even though NIST’s first post-quantum cryptographic (PQC) standards were only just being finalized (released in 2024), you cannot afford to wait for perfect information.

The authoring agencies advise assembling a dedicated project management team now to plan and scope your organization’s migration to PQC. This cross-functional team (spanning IT, OT, and risk management) should set the strategy and timeline for replacing or upgrading any quantum-vulnerable cryptography in your environment.

A key early task for the team is to initiate proactive cryptographic discovery – essentially, mapping out where and how your systems currently use public-key encryption and digital signatures that a quantum computer could eventually break. By identifying all such uses of cryptography (for example, uses of RSA or ECDSA in authentication, software updates, communications, etc.), you lay the groundwork for a structured transition.

The factsheet emphasizes that planning now, ahead of the threat, is the only way to stay ahead of quantum risks. Organizations that develop a quantum-readiness roadmap today – complete with an executive mandate, resource allocation, and interim milestones – will be far better positioned to rapidly implement PQC solutions once standards are finalized and products become available.

Inventory Your Cryptography

As part of your roadmap, taking a comprehensive cryptographic inventory is an essential next step. You can’t protect what you don’t know you have. CISA’s guidance makes clear that having an up-to-date inventory of all quantum-vulnerable technologies – along with the sensitivity and criticality of the data those systems protect – “enables an organization to begin planning for risk assessment processes to prioritize its migration to PQC”.

In practice, this means cataloguing all the places in your IT and OT environments where public-key cryptography is used (or where data is encrypted and needs long-term confidentiality). This cryptographic inventory will become the foundation of your quantum risk assessment and migration plan. It helps your organization become “quantum-ready” – a state in which a future CRQC attack would pose minimal threat to your critical assets. It can also inform other security efforts (for instance, by highlighting components that may need a Zero Trust Architecture approach or extra network segmentation in the interim).

What should be in your crypto inventory? Start by identifying instances of any algorithms vulnerable to quantum attacks (like RSA, ECC, DH, etc.) across all systems. The factsheet suggests using automated discovery tools to locate quantum-vulnerable algorithms in various technical layers, including:

• Network protocols: Look at your network traffic and configurations to find where legacy or quantum-vulnerable encryption algorithms are used (for example, in VPNs, TLS configurations, or device communications).
• Applications and firmware: Audit the software running on end-user devices and servers – including applications, libraries, and firmware – to spot any use of vulnerable cryptographic functions (whether for data encryption, digital signatures, or software update verification).
• Development pipelines: Don’t forget your own code. Check your source repositories, CI/CD pipelines, and build processes for any cryptographic code or dependencies that rely on older algorithms.

Be aware that some cryptography might be hidden inside vendor products or hardware in ways that scanners can’t easily detect. The guidance notes that discovery tools may not find embedded cryptographic modules, so organizations should ask their vendors for documentation or lists of any cryptographic algorithms embedded within their products.

Your inventory should also record context for each item – what data or function is this cryptography protecting, and how long does that data need to remain secure? This helps in pinpointing the highest-risk areas. For instance, if a certain database or control system handles sensitive data that must remain confidential for 10+ years, any quantum-vulnerable encryption guarding it is a prime candidate for early upgrade. By correlating your crypto inventory with asset inventories and data classification (e.g. identifying which critical processes or datasets rely on each cryptographic instance), you can feed these insights into your risk management process.

The goal is to prioritize where to implement PQC first – ensuring that as soon as quantum-resistant solutions are available, your most vital assets are first in line for protection.

Engage Vendors and Build a Quantum-Ready Supply Chain

No organization operates in isolation – your security is only as strong as the weakest link in your technology supply chain. That’s why the joint factsheet urges companies not only to internalize a plan, but also to engage actively with their vendors about post-quantum migration. CISA and its partners “encourage organizations to start engaging with their technology vendors to learn about vendors’ quantum-readiness roadmaps, including migration”. In other words, reach out to your software providers, hardware manufacturers, cloud service providers, and other suppliers and ask: What’s your plan for post-quantum cryptography? Any vendor that handles cryptography should ideally have a roadmap of its own for updating products to support PQC. Solid vendor roadmaps will outline how and when they plan to migrate their offerings to PQC, including timelines for testing the new algorithms and integrating them into product updates. This applies both to on-premises commercial-off-the-shelf products and to cloud-based services – whatever your organization relies on.

Ideally, vendors will be transparent and publish their post-quantum migration plans publicly, signaling a firm commitment to be ready as soon as standards permit. As a customer, you should factor quantum-readiness into procurement and contract discussions today. The factsheet explicitly advises organizations to proactively plan for necessary changes to contracts: ensure that new procurements will come with PQC built-in, and that there are provisions or timelines for existing products to be upgraded to quantum-safe algorithms. It may feel early, but incorporating these expectations now will save time later. For example, if you’re negotiating a cloud service agreement or buying a new ICS platform for a utility, include language about compliance with NIST’s PQC standards once they’re available. This creates accountability, so vendors know you expect support for post-quantum crypto as those capabilities mature.

Beyond your primary IT vendors, take a holistic look at supply chain quantum-readiness. Assess your dependencies: which third-party systems, open-source components, or outsourced services in your environment make use of public-key cryptography? And how will those parties handle the quantum transition? CISA’s guidance suggests organizations develop an understanding of their reliance on quantum-vulnerable crypto across all systems and ask each supplier how they are addressing the issue. In practice, this means having frank conversations with partners and service providers: Do they have a timeline for updating their protocols and software libraries to PQC? Have they tested the NIST-approved algorithms? If a vendor has no good answer, that may be a red flag – or at least a prompt to push for a plan.

When triaging where to focus first, prioritize high-impact and long-lifespan systems. Not all assets carry equal risk if quantum encryption-breaking becomes reality. The agencies advise giving priority to “high impact systems, industrial control systems (ICS), and systems with long-term confidentiality/secrecy needs”. For example, the control systems running critical infrastructure (power grids, transportation, etc.) or any system managing data that must remain secret for decades (think national security or personal health data) should be at the top of your list for quantum-safe upgrades. Legacy or custom-built applications deserve attention too. If you discover that an in-house application or an older piece of hardware uses vulnerable cryptography, you’ll need to scope out how to remediate it. The factsheet notes that custom and older products may require the most effort to make quantum-resistant – you might need to retrofit new crypto into old code, or, if that’s impractical, implement compensating controls like network isolation until a longer-term fix is in place.

By contrast, for mainstream commercial products, you will depend on the vendor’s updates – which again underscores the importance of vendor engagement. Treat the migration to PQC as a core part of your IT/OT modernization strategy, not a side project. Your quantum-readiness roadmap should map out each critical vendor’s milestones (e.g. “Vendor X will deliver a PQC-enabled version by 2025 Q4”) and align them with your internal transition plans and budget. And don’t forget about cloud services: engage your cloud providers about their quantum security preparations as well. Make sure they have a plan to roll out PQC in their platforms, and be ready to enable new quantum-safe options or configurations as soon as they’re offered. Many cloud environments will likely make PQC available quickly once standards are finalized, but it’s up to you to turn those features on and reconfigure applications to use them.

Vendors’ Responsibility: Secure by Design for the Quantum Era

One important aspect of the fact sheet is that it places responsibility not just on end-users and enterprises, but squarely on the technology vendors to support this transition. As the document states, manufacturers and software providers whose products use today’s cryptography should already be planning and testing for integration of the new quantum-resistant algorithms. CISA, NSA, and NIST encourage vendors to review NIST’s draft PQC standards (even before finalization) and to start adapting their products accordingly. In essence, the government is telling the tech industry: “Don’t wait—get ready now.” Embracing post-quantum encryption isn’t just an aspirational goal; it’s part of what it means to build secure products in this decade. In fact, ensuring that products use strong, quantum-resistant crypto is “emblematic of Secure by Design principles” that CISA has been championing. Vendors should be prepared to roll out PQC-based features or updates “as soon as possible after NIST finalizes its standards”. As a security leader, it’s worth conveying this expectation to your suppliers: we will favor products that are built secure-by-design for the post-quantum future.