IT Examiner School - Oct 2025

FI Preparedness Steps

• Inventory sensitive and critical datasets that must be secured for extended amount of time. • Conduct an inventory of all systems using cryptographic technologies • Identify acquisition, cybersecurity, and data security standards requiring updates to reflect post-quantum requirements • From the inventory, identify where and for what purpose public key cryptography is being used and mark as "quantum vulnerable" • Determine prioritizations of system for cryptographic transition • Using inventory and prioritization information, develop plan for systems transitions to quantum resistant cryptographic standard (e.g., Lattice-based, Stateless Hash-based)

13

Post Quantum Cryptography Resources • NIST Post-Quantum Cryptography Standardization Project Post-Quantum Cryptography | CSRC • CISA "Post-Quantum Cryptography Initiative" Main Page Post-Quantum Cryptography Initiative | CISA • CISA "Preparing Critical Infrastructure for Post-Quantum Cryptography" CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography • NIST "Announcing Approval of Three Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography" Post-Quantum Cryptography FIPS Approved | CSRC ( August 13th, 2024) • "NIST Releases First 3 Finalized Post-Quantum Encryption Standards" NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST ( August 13th, 2024) • “Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process” IR 8545, Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process | CSRC (March 2025)

14