Date Published: September 18, 2025
Comments Due:
Email Comments to:
Author(s)
William Newhouse (NIST), Murugiah Souppaya (NIST), William Barker (Strativia), Karen Scarfone (Scarfone Cybersecurity)
Announcement
The project is designed to support and align with key NIST cybersecurity frameworks and security controls. Specifically, the project’s capabilities are informed by and mapped to the security objectives and controls outlined in two important NIST documents:
This white paper provides a mapping of the project’s capabilities to these two resources. This helps organizations align their PQC migration efforts with established security outcomes (and broader cybersecurity risk management practices) and identify specific security controls and objectives needed to successfully implement PQC migration.
Your Feedback Matters
We invite you to review this document and provide comments by October 15, 2025. You can submit comments by visiting the NCCoE project page.
If you have any questions or need further information, please don’t hesitate to contact the team at [email protected]. We encourage you to join the NCCoE PQC Community of Interest (COI) to receive project updates and stay involved!
The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53), respectively. A responsible implementation of the demonstrated capabilities depends on adherence to several security objectives and controls identified in these risk framework documents.
This paper identifies the supported and dependent characteristics of capabilities functions that are part of the Migration to Post-Quantum Cryptography project at NIST’s National Cybersecurity Center of Excellence and maps those functions to elements of both the NIST Cybersecurity Framework 2.0 and Special Publication 800-53 Revision 5.
The NCCoE Migration to Post-Quantum Cryptography project demonstrates practices to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms resistant to quantum computer-based attacks. Project collaborators demonstrate using cryptographic discovery and inventory tools to allow an organization to learn where and how cryptography protects the confidentiality and integrity of the organization’s important data and digital systems. Project collaborators are also exploring interoperability of the NIST PQC algorithms for key establishment and digital signature schemes in internet communication protocols and hardware security modules (HSMs).
The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53),…
See full abstract
The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53), respectively. A responsible implementation of the demonstrated capabilities depends on adherence to several security objectives and controls identified in these risk framework documents.
This paper identifies the supported and dependent characteristics of capabilities functions that are part of the Migration to Post-Quantum Cryptography project at NIST’s National Cybersecurity Center of Excellence and maps those functions to elements of both the NIST Cybersecurity Framework 2.0 and Special Publication 800-53 Revision 5.
The NCCoE Migration to Post-Quantum Cryptography project demonstrates practices to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms resistant to quantum computer-based attacks. Project collaborators demonstrate using cryptographic discovery and inventory tools to allow an organization to learn where and how cryptography protects the confidentiality and integrity of the organization’s important data and digital systems. Project collaborators are also exploring interoperability of the NIST PQC algorithms for key establishment and digital signature schemes in internet communication protocols and hardware security modules (HSMs).
Hide full abstract
Keywords
algorithm; cryptography; encryption; identity management; key establishment and management; post-quantum cryptography; public key cryptography; quantum-resistant; vulnerable cryptography discovery
Control Families
None selected