NIST Begins Wiring Post-Quantum Cryptography Into Federal PIV Credentials

June 12, 2026 — NIST released a set of preliminary working drafts updating three foundational Personal Identity Verification standards to support post-quantum cryptographic algorithms. The materials cover SP 800-73 Part 1 (PIV Card Application Namespace, Data Model, and Representation), SP 800-73 Part 2 (PIV Card Application Card Command Interface), and SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV), along with a supporting PQC overview and gap-analysis document.

The drafts add support for ML-DSA (FIPS 204) signatures and ML-KEM (FIPS 203) key encapsulation to the PIV credential ecosystem, which underpins identity verification for millions of U.S. federal employees and contractors under FIPS 201. The approach uses a dual-stack model: existing classical PIV keys and data objects remain in place, while new PQC key references, certificate containers, and data objects are added alongside them. This design preserves backward compatibility with current PIV card readers and middleware, and supports incremental deployment across the federal enterprise.

NIST characterized these as preliminary working materials, not formal initial public drafts. There is no public comment deadline. The agency is collecting feedback through the piv-standards mailing list and a GitHub repository.

The publication follows the timeline established in NIST IR 8547, which targets deprecation of RSA and ECC by 2030 and full removal by 2035 for federal systems.

My Analysis

The PIV system sits at the center of federal identity infrastructure. Every badge tap at a secured facility, every authenticated session on a government network, every digitally signed document in the defense and civilian agencies runs through the PIV credential chain defined by these three NIST publications. Updating them is a prerequisite for PQC migration across the entire federal enterprise.

What makes this release significant is how it frames the migration architecture. The dual-stack model does not rip out classical cryptography. Instead, it layers PQC alongside the existing credential structure, letting agencies upgrade their card populations, middleware, and back-end PKI at their own pace without breaking current operations. This is pragmatic engineering, and it mirrors the hybrid approach that industry has broadly adopted for TLS and other transport-layer protocols.

But pragmatic does not mean easy. PIV credentials involve a chain of trust that stretches from the physical smart card through on-card applets, middleware libraries, certificate authorities, relying-party validation logic, and OCSP/CRL infrastructure. Changing the signature and key encapsulation algorithms at the card level cascades into every component in that chain. Hardware Security Module (HSM) vendors, card manufacturers, middleware developers, and every federal Certificate Authority will need to implement and test against these new data objects and key references.

I have been tracking the two-track structure of PQC migration for some time: Track A addresses key exchange (driven by the Harvest Now, Decrypt Later threat), and Track B addresses digital signatures and authentication (driven by the Trust Now, Forge Later threat and long-term structural risk). Transport-layer key exchange has moved faster because it can be updated in software on both ends of a TLS connection without touching the broader PKI. The PIV update lands squarely in Track B territory, where progress has been slower because authentication and signature migration requires coordinated changes across certificate issuers, trust anchors, and every relying party in the ecosystem.

The fact that NIST chose to release these as working materials on GitHub rather than through the formal Federal Register public-comment process signals something about where this effort stands. This is early-stage, iterative work. The agency is soliciting input from implementers, not finalizing a specification. Organizations that build PIV-related products or manage federal PKI infrastructure should engage now, not wait for a formal draft. The design decisions being made in these working documents will shape the federal identity migration for the rest of the decade.

For organizations outside the U.S. federal government, the PIV update carries a broader lesson. If even a credential system as mature and well-specified as PIV requires this level of architectural retooling for PQC, enterprise identity systems built on less rigorous foundations face at least as much work. The identity layer is emerging as the next hard bottleneck in PQC migration, and most organizations have not started planning for it.

The CISA product categories advisory is already reshaping federal procurement to favor PQC-capable products. These PIV working drafts put the identity credential ecosystem on notice that the same transition is coming for authentication infrastructure. Combined with CNSA 2.0 requirements for national security systems starting in 2027, the timeline for federal identity PQC migration is no longer abstract.

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.