
Inside the DoW Post-Quantum Strategy: The Defense Half of Trump’s PQC Mandate

June 23, 2026 — One day after President Trump signed two quantum executive orders, the Department of War released its Post Quantum Cryptography Strategy, the first department-wide plan for migrating the U.S. military’s cryptographic systems to post-quantum cryptography (PQC). DoW Chief Information Officer Kirsten Davies, sworn in last December, announced the release and tied it directly to the executive actions of the previous day.

The document itself is dated earlier. It carries an “Approved for Open Publication” clearance stamp from April 16, 2026, and a foreword signed at the start of that month. It was held and released on June 23 to land alongside the executive orders, which is the first thing worth noticing about it.

The strategy is the defense-side companion to Executive Order 14412, and that pairing is the story: for the first time, U.S. post-quantum migration carries dated deadlines on both sides of the line that separates ordinary federal systems from National Security Systems (NSS). EO 14412 sets the deadlines for federal civilian high-value assets, high-impact systems, and contractors, and it leaves NSS under CNSA 2.0. The DoW strategy is what fills that NSS space.

The strategy sets two headline dates. By December 31, 2030, all DoW systems must support PQC or be phased out. By December 31, 2031, all DoW systems must use PQC, “unless otherwise noted.” For National Security Systems specifically, the strategy points to the NSA’s CNSA 2.0 algorithm suite as the required baseline. It organizes the work into five lines of effort: optimize departmental governance, baseline the cryptographic inventory and plan, develop and analyze algorithms and protocols, integrate commercial solutions, and deploy quantum-resistant devices. It splits execution into two acquisition tracks: a High Assurance End Cryptographic Unit (HA-ECU) track for NSA-certified devices dependent on the NSA Key Management Infrastructure (KMI), and a Commercial Solutions track built on NIST-standardized algorithms in commodity IT.

The strategy did not arrive from nowhere. It builds on a November 2025 DoW CIO memorandum, “Preparing for Migration to Post-Quantum Cryptography,” that already required component-level cryptographic inventories, named migration leads, and pre-deployment approval for PQC technologies, and that set a hard phase-out date for insecure pre-shared-key and symmetric key-establishment approaches by the end of 2030. The new strategy is the umbrella over that operational guidance.

It also did not arrive alone. The same week, the administration signed EO 14413 on quantum innovation, which directs the Secretary of War to identify at least three next-generation quantum sensor projects to field by September 30, 2028, and the DoW announced a quantum sensing initiative expected to invest up to $200 million within the next year. Taken together, the executive orders, the PQC strategy, and the sensing program amount to a coordinated quantum-security mobilization across both offense and defense, compressed into a few days.

Davies framed the strategy in mission terms, calling network modernization “only a first step” and citing the need to protect satellite communications, command systems, and the tactical edge. The DoW press release went further, claiming the department would “accelerate ahead of the timelines” set by the cryptography executive order (the release still referred to it as EO 14409, before the Federal Register assigned the official designation EO 14412). That claim deserves a closer look, because it does not survive contact with the actual deadlines.

My Analysis

Two Documents, One Mandate, Drawn Along the Civilian–Defense Line

For four years, U.S. federal PQC policy was a planning exercise. National Security Memorandum 10 (NSM-10) and OMB M-23-02 told agencies to inventory their cryptography and start preparing. They set planning milestones and a 2035 risk-mitigation goal, but no hard migration-completion dates. The Trump administration then spent a year moving in the opposite direction, with EO 14306 in June 2025 stripping the procurement triggers out of the Biden framework. As I wrote when EO 14412 was signed, that order reversed the drift and converted four years of guidance into dated, enforceable outcomes.

What the same-day release of the DoW strategy makes clear is how deliberately the civilian and defense halves were designed to interlock. EO 14412 governs federal civilian high-value assets and high-impact systems and reaches the private sector through a Federal Acquisition Regulation (FAR) rule. It explicitly leaves National Security Systems where they already sat, under CNSA 2.0. That carve-out is not an oversight. NSS run on their own authorities, their own certification regime, and their own key infrastructure, all of it gated by the NSA. The civilian executive order has no business setting deadlines for a nuclear command-and-control link.

So the DoW strategy is the other half of the same instrument. It is the document that says what happens to the systems EO 14412 deliberately does not touch. Read on its own, it looks like one more agency migration plan. Read next to the executive order, it completes a picture that the U.S. government has never had before: every DoW system and every federal civilian high-value asset and high-impact system now sits under a dated deadline with a named accountable official. The remaining civilian estate still falls under the broader NSM-10 deprecation trajectory, but the systems that matter most are covered. The defense industrial base feels both halves at once, which I will come back to.

Why 2030 and 2031 Mean Different Things in Each Document

Here is the part almost every write-up of this week’s news has missed. The executive order and the DoW strategy both land on 2030 and 2031, and the convergence looks like alignment. The two documents are slicing the deadline along entirely different axes.

EO 14412 splits by cryptographic function. Federal high-value assets and high-impact systems, with National Security Systems carved out by name, must use PQC for key establishment by December 31, 2030, and for digital signatures by December 31, 2031. The logic is sound and I have argued for this sequencing for years: key establishment goes first because Harvest Now, Decrypt Later (HNDL) is an active threat against data in transit today, and because swapping ML-KEM (formerly CRYSTALS-Kyber) into a key exchange is operationally lighter than rebuilding a certificate hierarchy. Signatures get the extra year because ML-DSA (formerly CRYSTALS-Dilithium) migration touches PKI, cross-certification, and the full certificate lifecycle.

The DoW strategy splits by migration stage. All systems support PQC or get retired by 2030. All systems use PQC by 2031. That is a capability gate followed by an exclusive-use gate, and it is lifted directly from how CNSA 2.0 frames its own transition. Both dates are the same as the executive order’s. Neither means the same thing.

Stack the two decompositions and a third appears underneath them. CNSA 2.0, which governs the NSS at the center of the DoW’s plan, schedules its own transition by product category, not by function or by stage. The NSA’s published timeline puts software and firmware signing and traditional networking at exclusive use by 2030, but pushes web and cloud services, operating systems, and large public-key infrastructure and niche equipment out to 2033.

Now picture a CISO at a defense prime. As a federal contractor, the firm answers to EO 14412’s FAR rule, which flattens everything to one date: comply with NIST’s PQC FIPS by 2030. The federal agencies it sells to slice the same deadline by function, key establishment by 2030 and signatures by 2031, for their high-value and high-impact systems. Its NSS-adjacent work slices the deadline by stage, support by 2030 and use by 2031, under the DoW strategy. And the NSS hardware underneath slices it by product category under CNSA 2.0, where the categories run out to 2033. The same two years, decomposed three different ways, plus a flat procurement date, none of them congruent. The headline convergence is real, and it is also the thing most likely to produce a compliance failure, because the systems hardest to migrate are exactly the ones where the schedules diverge.

The Three Words That Soften the Whole Thing

“Unless otherwise noted.” That phrase appears next to the DoW’s 2031 use deadline, and it is the single most consequential clause in the document. It is also the clause that quietly reintroduces 2033.

The DoW strategy commits NSS to CNSA 2.0. CNSA 2.0’s exclusive-use dates run to 2033 for operating systems, web and cloud, and the large PKI and constrained-device categories. When the strategy says “all DoW systems must use PQC by 2031, unless otherwise noted,” the “otherwise noted” is doing the work of deferring the hardest categories to the CNSA 2.0 schedule. And the hardest categories are exactly the ones the strategy spends most of its length on: the embedded High Assurance ECUs in weapon platforms, the enterprise DoW PKI, the constrained edge devices in unmanned and space systems. Those are the systems with a 2033 backstop baked in by reference, not a 2031 deadline.

This is what makes the press release’s “accelerate ahead of the timelines set by Executive Order 14412” claim less impactful. Start with the fact that the executive order does not set timelines for the DoW’s NSS in the first place. Section 4 of EO 14412 scopes its deadlines to high-value and high-impact systems “excluding National Security Systems,” and it routes NSS through a separate reporting channel that leaves them under CNSA 2.0. There is no EO deadline for the DoW to run ahead of on its core mission systems, because the order deliberately does not reach them. On the civilian-style systems where the comparison is fair, the DoW’s own milestones are softer, not harder. The order requires HVAs and high-impact systems to use PQC for key establishment by 2030. The DoW strategy requires only that systems support PQC by 2030, with use deferred to 2031. A capability gate is a weaker commitment than a completed migration.

Just to be clear: the DoW is moving fast on tempo. It issued a department-wide strategy within a day of the executive orders, it already has the November 2025 memo in force, and it is standing up governance and inventory now rather than waiting for OMB’s 90-day civilian guidance. That speed of mobilization is real and it is to Davies’s credit. What is not real is the implication that the DoW has committed to earlier end dates than the rest of government. It has committed to the same 2030 and 2031 scaffold as everyone else, with the 2033 long tail that CNSA 2.0 always carried. The “ahead” is about how fast the department started, not about when it finishes.

What the Strategy Gets Right

I spend a lot of time on this site pushing back against vendor-driven quantum fear, so let me be equally direct about where this document is genuinely good, because it is.

The best thing in it is that authentication is not optional. The strategy states that a solution migrating only confidentiality, with no PQC authentication, will not count as PQC at all. This is the point I have been making under the banner of Trust Now, Forge Later (TNFL) for years: the signature and authentication threat is systematically underweighted next to encryption, and most migration programs quietly treat key establishment as the whole job. For a department whose catastrophic scenarios include forged firmware signatures on weapon systems and impersonation against PKI-gated command and control, putting authentication on equal footing with confidentiality is the correct call. The executive order makes the same judgment with its separate signature track. Seeing TNFL logic written into federal policy on both the civilian and defense sides, in the same week, is a real shift in how seriously the authentication threat is being taken.

The second strong move is the strategy’s definition of done. It states that quantum resistance is achieved not when PQC is rolled out but when the vulnerable algorithms are gone from the entire data pathway and lifecycle, including supply chains, data at rest, and data in transit. A mission thread with one un-migrated hop is not migrated. This is the completeness discipline that organizations routinely skip when they enable ML-KEM in TLS, declare victory, and leave data sitting at rest under RSA-wrapped keys. The strategy refuses to let “rollout” substitute for “deprecation,” and that is the harder and more honest standard.

Third, the document is blunt about false quantum substitutes. It refuses quantum key distribution (QKD), quantum networking, non-local quantum randomness, and pre-shared-key approaches that lack PQC asymmetric key establishment as legitimate routes to quantum resistance. This is consistent with the NSA’s long-standing position and with the November memo, and it is correct. I would defend this stance against anyone selling QKD into a defense procurement. Consolidating it into a public strategy with no hedging closes off a great deal of vendor mischief.

None of this is throat-clearing before a takedown. The conceptual core of the document is right. The problems are in execution, and they are predictable.
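The three acceptance rules described above (authentication is mandatory, every hop and data at rest must be clean, and QKD or pre-shared keys are not a substitute) can be checked mechanically against a cryptographic inventory. The following is an added example, not code from the strategy or from this site; the `Hop` record, the hop names, and the classification sets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Classification sets are assumptions of this example, using the algorithm
# names from the article; they are not a list taken from the strategy.
PQC_KEM = {"ML-KEM"}
PQC_SIG = {"ML-DSA", "LMS", "XMSS", "SLH-DSA"}
AT_REST_OK = PQC_KEM | {"AES-256"}     # AES-256 key wrap treated as acceptable (assumption)
REJECTED_SUBSTITUTES = {"QKD", "PSK"}  # routes the article says are refused


@dataclass(frozen=True)
class Hop:
    name: str
    key_establishment: str
    authentication: str
    at_rest_wrap: Optional[str] = None  # None: this hop stores nothing


def hop_findings(hop):
    """Return the reasons a hop fails; an empty list means the hop passes."""
    findings = []
    if hop.key_establishment in REJECTED_SUBSTITUTES:
        findings.append(f"{hop.key_establishment} is not PQC asymmetric key establishment")
    elif hop.key_establishment not in PQC_KEM:
        # Fail closed: anything not known to be a PQC KEM is a finding.
        findings.append(f"key establishment still uses {hop.key_establishment}")
    if hop.authentication not in PQC_SIG:
        # Confidentiality-only migration does not count as PQC.
        findings.append(f"authentication still uses {hop.authentication}")
    if hop.at_rest_wrap is not None and hop.at_rest_wrap not in AT_REST_OK:
        findings.append(f"data at rest wrapped under {hop.at_rest_wrap}")
    return findings


def evaluate_thread(hops):
    """A thread is migrated only if every hop has zero findings."""
    report = {hop.name: hop_findings(hop) for hop in hops}
    return all(not f for f in report.values()), report


# Constructed inventory for one mission thread (hypothetical hop names).
SAMPLE_THREAD = [
    Hop("ground-tls", "ML-KEM", "ECDSA"),
    Hop("relay-vpn", "ML-KEM", "ML-DSA"),
    Hop("archive", "ML-KEM", "ML-DSA", at_rest_wrap="RSA"),
    Hop("legacy-link", "PSK", "ML-DSA"),
]

if __name__ == "__main__":
    migrated, report = evaluate_thread(SAMPLE_THREAD)
    print("thread migrated:", migrated)
    for name, findings in report.items():
        print(f"  {name}: {'OK' if not findings else '; '.join(findings)}")
```

Three of the four constructed hops already run ML-KEM, yet the thread as a whole is reported as not migrated, which is the gap between "rollout" and "deprecation" that the strategy's definition of done is meant to close.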

The Validation Chokepoint Sits on Both Tracks

The single biggest execution risk in the DoW strategy is certification throughput, and the same-day pairing with EO 14412 makes the problem worse, not better, because the chokepoint exists on both tracks at once.

On the High Assurance side, every NSA-certified ECU funnels through the NSA: the KMI, the device certification, the risk acceptance under the Operational Security Doctrine. The strategy knows this is a bottleneck and lists “streamline NSA certification and evaluation” as a governance objective. The mitigation is thin relative to the problem. Reciprocity and streamlined intake tracking do not add certification capacity, and Type 1 certification has historically been the binding constraint on military crypto modernization. If that capacity is the limit, the HA-ECU portion of the 2030 and 2031 timeline is the most fragile part of the plan, and a paragraph about reciprocity does not fix a throughput problem.

On the commercial side, the executive order’s own bottleneck appears: the Cryptographic Module Validation Program (CMVP). FIPS 140-3 validation currently runs around 18 months or longer, and EO 14412 orders NIST to accelerate it precisely because that timeline does not fit a 2030 contractor deadline. So the coordinated rollout has a validation chokepoint on each track: NSA certification gating the High Assurance devices, CMVP gating the commercial products. Both documents acknowledge their respective chokepoint. Neither has actually widened it. An order to “accelerate” a certification queue is a statement of intent, and intent has never validated a cryptographic module. This is the shared weak point of the entire federal effort, and it is the place I would put my own money if I were betting on which 2030 dates slip.

Crypto-Agility Meets the Hardware That Cannot Flex

The strategy champions cryptographic agility throughout, with the appropriate caveat that enabling agility must not introduce new vulnerabilities. Good caveat. The document never confronts the contradiction sitting underneath it.

The hardest agility problem in the entire DoW portfolio is the High Assurance ECU: burned-in, certified as a sealed unit, frequently impossible to patch in the field. The strategy spends most of its engineering attention on exactly the class of device that is architecturally least able to be agile. You can want crypto-agility, and you can field certified hardware that cannot accept a new algorithm without a full re-certification cycle, but you cannot pretend the second does not undercut the first. A tactical radio or an inline encryptor that has to go back through NSA certification to change its key-establishment primitive is not agile in any operational sense, no matter how the firmware is structured. The strategy would be stronger for naming this tension and saying how the department intends to resolve it, rather than treating agility as a property that can simply be specified into existence.

The Stateful-Signature Problem Nobody Is Naming

The strategy’s “use secure software and firmware signing” objective is treated as a routine inventory-and-upgrade task. It is not, and the reason matters for anyone running a defense software supply chain.

CNSA 2.0 specifies LMS and XMSS for signing. Those are stateful hash-based signature schemes, and CNSA 2.0 deliberately excludes the stateless alternative, SLH-DSA (formerly SPHINCS+). The NSA chose stateful schemes here for a reason: firmware signing is a controlled environment where you can keep an exact count of how many times a key has signed, and that countability is what makes stateful schemes safe to use. The cost is that the operational burden lands entirely on whoever runs the signing infrastructure. State must be tracked perfectly. Reusing a one-time key, through a botched backup, a restored snapshot, or two signing servers drawing from the same key tree, is catastrophic for the signature’s security. I have written at length about why stateful hash-based schemes carry serious operational hazards in environments where key state can fork. For a defense firmware supply chain, where a forged update is one of the threat scenarios the strategy itself names, this is not a footnote. The document flags none of it.
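What "tracking state perfectly" demands of a signing service can be made concrete. The following is an added example, not code from the strategy, the NSA, or any LMS/XMSS library: a hypothetical `LeafAllocator` that gives each signer a disjoint slice of the key tree, persists the advanced index before releasing a leaf, and refuses to sign when the state file falls behind a separately stored high-water mark. It assumes the witness file lives on storage that is not part of the same backup or snapshot as the state file.

```python
import json
import os
import tempfile


class StateRollbackError(Exception):
    """State file is behind the witness: a snapshot or backup was restored."""


class KeyExhaustedError(Exception):
    """This signer's slice of one-time leaves is used up."""


class LeafAllocator:
    """Hands out each one-time leaf index of a stateful key at most once."""

    def __init__(self, state_path, witness_path, first, last):
        self.state_path, self.witness_path = state_path, witness_path
        self.first, self.last = first, last  # disjoint slice owned by this signer

    def _read(self, path):
        try:
            with open(path) as f:
                return json.load(f)["next"]
        except FileNotFoundError:
            return self.first  # fresh key: nothing signed yet

    def _write(self, path, value):
        # Write to a temp file, fsync, then rename, so a crash never leaves
        # a half-written counter behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w") as f:
            json.dump({"next": value}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)

    def reserve(self):
        nxt = self._read(self.state_path)
        if nxt < self._read(self.witness_path):
            raise StateRollbackError(f"state says {nxt}, witness is ahead")
        if nxt > self.last:
            raise KeyExhaustedError(f"leaves {self.first}..{self.last} exhausted")
        # Advance durably BEFORE releasing the index: a crash here wastes a
        # leaf but can never hand the same leaf out twice.
        self._write(self.state_path, nxt + 1)
        self._write(self.witness_path, nxt + 1)
        return nxt


def demo(workdir):
    """Constructed scenario: two signers share one tree; signer A's state is rolled back."""
    p = lambda name: os.path.join(workdir, name)
    a = LeafAllocator(p("a.state"), p("a.witness"), 0, 511)
    b = LeafAllocator(p("b.state"), p("b.witness"), 512, 1023)
    used = [a.reserve(), a.reserve(), b.reserve()]
    with open(a.state_path) as f:
        snapshot = f.read()          # backup taken here
    used.append(a.reserve())         # one more signature after the backup
    with open(a.state_path, "w") as f:
        f.write(snapshot)            # restore: state now points at a used leaf
    try:
        a.reserve()
        return used, False
    except StateRollbackError:
        return used, True


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(demo(d))
```

Without the witness check, the final `reserve()` would hand out leaf 2 a second time. The check only helps if the witness cannot be rolled back together with the state file.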

The Defense Industrial Base Caught in the Pincer

Where the two documents overlap most is the defense industrial base, and that is where the compliance burden compounds rather than adds.

From the executive order side, the FAR rule will require covered contractors to comply with NIST FIPS incorporating PQC by December 31, 2030. Federal procurement is the largest lever the U.S. government has over private-sector technology, and that provision converts PQC from a government-internal exercise into a market requirement that flows down the entire supply chain. From the DoW side, the strategy directs updates to the Cybersecurity Maturity Model Certification (CMMC) to include PQC requirements and the migration of external certificate authorities to PQC certificates, and it sits on top of the November 2025 memo’s inventory, named-lead, and pre-deployment-approval regime. Davies framed this as preparing the DIB for “upcoming FAR cryptographic compliance,” which is a clean way of saying the contractor base now feels the squeeze from both sides at once.

A defense prime now faces the FAR rule for its federal civilian work, CMMC-PQC and the November memo for its defense work, and CNSA 2.0 for anything NSS-adjacent. The CBOM mandate in EO 14412, which directs CISA and NIST to define minimum elements for a cryptographic bill of materials within 270 days, is the one piece of good news for these organizations, because it gives them a standard taxonomy to demand structured cryptographic data from their own suppliers. I have argued for years that you cannot migrate what you cannot inventory, and a federal CBOM standard is the prerequisite for any of this to be auditable. The DIB will need it, because three overlapping compliance regimes cannot be tracked in a spreadsheet.

Measurement Without Targets, and Responsibility Without Owners

Two governance weaknesses are worth flagging before the close. The strategy’s “how to measure” sections list metric categories rather than targets: percent of systems with reported cryptographic detail; number, type, and location of implementations; ECU production rate. These are things to count, not thresholds to hit. There are no interim gates between now and 2030 and no stated consequence for missing one. For an organization with a long history of crypto-modernization slippage (the Cryptographic Modernization program has been running for well over a decade), measurement without targets is a credibility gap.

The accompanying RACI chart centralizes accountability in the DoW CIO, which is genuinely better than diffuse ownership, but it assigns responsibility for most execution to “DoW Components.” Components means every service and agency, which historically is how this kind of work stalls: when everyone is responsible, the schedule answers to no one. A 2031 deadline with diffuse execution ownership and no interim gates is a deadline that discovers it has slipped in 2030.

What This Means for Everyone Else

If you do not work for the Pentagon, the DoW strategy still matters to you, because of what the coordinated rollout signals. Two executive orders, a department-wide defense strategy, and a quantum sensing program, all in one week, is not a compliance update. It is a national-security posture shift, and the U.S. is now firmly in the 2030 camp alongside the EU, Canada, Australia, and India. For any organization that sells to, contracts with, or operates systems on behalf of the federal government, the effective deadline moved to 2030 this week, and it now reaches you through procurement whether you are a defense vendor or not.

I want to anchor this to the question I get asked most, which is when Q-Day actually arrives. Notice what the DoW strategy does not contain: any estimate of when a cryptographically relevant quantum computer (CRQC) will exist. It treats the CRQC as a planning assumption and gets on with the migration. That is the correct posture, and it is the one I have been arguing for since I wrote that the ecosystem, not the physics, now sets the clock. You do not need to handicap the date when the policy calendar has already overtaken it. The deadlines are set. The executive order enforces them on the civilian side, the DoW strategy enforces them on the defense side, and the FAR rule enforces them on everyone who wants to keep selling into the largest technology market on earth.

The actions have not changed, only the margin for delay. Build a cryptographic inventory you can audit. Force your vendors onto PQC roadmaps with named delivery dates. Adopt a migration methodology, whether the PQC Migration Framework or another, and run it as a program rather than a project. And if you operate across both civilian and defense systems, map every system against all three deadline lattices, because “2030 and 2031” hides more than it reveals. The convergence everyone is celebrating this week is real. So is the divergence underneath it, and that is where migration programs go to fail.


Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.