Commercial National Security Algorithm Suite (CNSA) 2.0
The Commercial National Security Algorithm Suite (CNSA) 2.0, announced by the NSA in September 2022, defines a set of cryptographic algorithms-including AES‑256, SHA‑384, ECDSA P‑384, RSA‑3072, CRYSTALS‑Kyber (KEM) and CRYSTALS‑Dilithium (signature)-required for National Security Systems (NSS). CNSA 2.0 supersedes CNSA 1.0 and establishes a transition schedule: new NSS must adopt CNSA 2.0 algorithms by 2030, with full migration required by 2035.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (3)
CNSA 2.0: Approved Quantum-Resistant Algorithms
| Code | Title |
|---|---|
| CNSA2-HASH | Hashing: SHA-384 or SHA-512 |
| CNSA2-KEM | Key Establishment: ML-KEM-1024 |
| CNSA2-SIG | Digital Signatures: ML-DSA-87 |
| CNSA2-SWSIG | Software/Firmware Signing: LMS or XMSS |
| CNSA2-SYM | Symmetric Encryption: AES-256 |
CNSA 2.0: Implementation and Validation
| Code | Title |
|---|---|
| CNSA2-CMVP | FIPS 140-3 Validated Modules (CMVP) |
| CNSA2-HYBRID | Hybrid and Dual-Algorithm Guidance |
| CNSA2-INVENTORY | Cryptographic Inventory and Discovery |
| CNSA2-NIAP | NIAP Product Validation |
CNSA 2.0: Migration Timelines by Use Case
| Code | Title |
|---|---|
| CNSA2-TL-NETWORK | Timeline: Networking Equipment |
| CNSA2-TL-NSS-DEADLINE | Final NSS Migration Deadline |
| CNSA2-TL-OS | Timeline: Operating Systems |
| CNSA2-TL-SWFW | Timeline: Software and Firmware Signing |
| CNSA2-TL-WEBCLOUD | Timeline: Web/TLS and Cloud Services |
Maps to 2 other frameworks
Frequently Asked Questions
What is Commercial National Security Algorithm Suite (CNSA) 2.0?
Commercial National Security Algorithm Suite (CNSA) 2.0 is a compliance framework from United States (National Security Agency) with 3 domains and 14 controls. The Commercial National Security Algorithm Suite (CNSA) 2.0, announced by the NSA in September 2022, defines a set of cryptographic algorithms-including AES‑256, SHA‑384, ECDSA P‑384, RSA‑3072, CRYSTALS‑Kyber (KEM) and CRYSTALS‑Dilithium (signature)-required for National Security Systems (NSS). CNSA 2.0 supersedes CNSA 1.0 and establishes a transition schedule: new NSS must adopt CNSA 2.0 algorithms by 2030, with full migration required by 2035. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Commercial National Security Algorithm Suite (CNSA) 2.0 have?
Commercial National Security Algorithm Suite (CNSA) 2.0 has 14 controls organised across 3 domains. The largest domains are CNSA 2.0: Approved Quantum-Resistant Algorithms (5 controls), CNSA 2.0: Migration Timelines by Use Case (5 controls), CNSA 2.0: Implementation and Validation (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Commercial National Security Algorithm Suite (CNSA) 2.0 map to?
Commercial National Security Algorithm Suite (CNSA) 2.0 maps to 2 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (50% coverage), Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1 (29% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Commercial National Security Algorithm Suite (CNSA) 2.0 compliance?
Start your Commercial National Security Algorithm Suite (CNSA) 2.0 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Commercial National Security Algorithm Suite (CNSA) 2.0 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 14 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required