White House Orders Federal Agencies to Migrate Systems to Post-Quantum Cryptography
Cybersecurity NewsArchived Jun 24, 2026✓ Full text saved
The White House has issued a major executive order directing U.S. federal civilian agencies to migrate high‑value systems to post‑quantum cryptography (PQC), with firm deadlines of 2030 for key establishment and 2031 for digital signatures. The order, titled “Securing the Nation Against Advanced Cryptographic Attacks,” warns that large‑scale quantum computers could eventually break today’s widely […] The post White House Orders Federal Agencies to Migrate Systems to Post-Quantum Cryptography app
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
White House Orders Federal Agencies to Migrate Systems to Post-Quantum Cryptography
By Abinaya
June 24, 2026
The White House has issued a major executive order directing U.S. federal civilian agencies to migrate high‑value systems to post‑quantum cryptography (PQC), with firm deadlines of 2030 for key establishment and 2031 for digital signatures.
The order, titled “Securing the Nation Against Advanced Cryptographic Attacks,” warns that large‑scale quantum computers could eventually break today’s widely used public‑key cryptography, especially in adversary hands.
It specifically highlights “harvest now, decrypt later” campaigns, where attackers steal encrypted data today and plan to decrypt it once quantum capabilities mature.
To address this, the policy mandates a government‑wide shift to National Institute of Standards and Technology (NIST)‑approved Federal Information Processing Standards (FIPS) for PQC to protect sensitive data, critical infrastructure, and the digital economy.
The directive applies to federal “agencies” as defined in 44 U.S.C. 3502(1). It focuses on high-impact systems and high-value assets (HVAs) as defined by the Office of Management and Budget (OMB).
It defines PQC as cryptography designed to resist both quantum and classical attacks, aligning with NIST’s emerging PQC FIPS for key establishment and digital signatures.
White House Orders Federal Agencies
Within 30 days, each agency head must appoint a “PQC migration lead” reporting to the CIO, responsible for cryptographic inventory, prioritized migration planning, and cross‑agency coordination.
Within 90 days, OMB must issue guidance requiring agencies to review their HVA and high-impact system inventories (excluding National Security Systems).
Transition those systems to PQC for key establishment by December 31, 2030, and to PQC‑based digital signatures by December 31, 2031, and submit formal migration plans.
NIST must also run a PQC migration pilot on a subset of its own systems, to be completed by the end of 2027.
Sector Risk Management Agencies must work with the Cybersecurity and Infrastructure Security Agency (CISA) to help critical infrastructure owners and operators build PQC migration plans, extending federal direction into private‑sector operators of essential services.
The Secretary of State, together with NIST, DHS, the National Cyber Director, the Secretary of War, and the Director of National Intelligence, is tasked with engaging foreign governments and key industry groups to promote the adoption of NIST‑standardized PQC algorithms globally.
Within 270 days, DHS (through CISA) and NIST must publish guidance on a “cryptographic bill of materials” (CBOM) that defines the minimum elements needed to inventory and assess cryptographic assets in hardware and software automatically.
The White House Executive Order promotes PQC adoption through procurement, directing federal agencies to pursue cost-saving measures such as cloud migrations, shared procurement, training, and centralized support.
NIST must adjust the Cryptographic Module Validation Program’s processes to speed up the validation of PQC‑enabled modules.
The Federal Acquisition Regulatory Council must propose rule changes requiring covered contractors to comply with PQC‑enabled NIST FIPS by December 31, 2030.
To update vulnerability disclosure program clauses so that contractors report cryptographic weaknesses, including lack of encryption and use of non‑FIPS algorithms.
While the order does not create new legal rights for private parties, it effectively turns PQC migration into a compliance requirement for agencies and their supply chains.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
8-Year-Old Samsung KNOX Vulnerability Exposes Galaxy Devices to Kernel Attacks
Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it
HazyBeacon Weaponizes AWS Lambda Function URLs for Stealth Command-and-Control Relays
Authorities Dismantle SocGholish Malware Network — 106 Servers and 101 Domains Seized
GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions
Latest News
Cyber Security News
Browser-in-the-Browser Kit Uses Fake Software Errors to Deliver Malware Installers
Cyber Security News
GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone Operations
Cyber Security
Red-Team AI Tool Vulnerabilities Let Attackers Exfiltrate API Keys and Compromise Operators’ Systems
Cyber Security News
Hackers Exploit Unpatched SharePoint Servers to Deploy Ransomware and Custom Backdoors
AI
Malicious AI Agent Skill Bypasses Security Scans and Seizes Full Control of Over 26,000 Agents