NSA Guidance for Transition to Quantum-Resistant Cryptography
The NSA provides guidance for migrating to quantum‑resistant cryptography, including the Commercial National Security Algorithm Suite (CNSA) Suite 2.0 (2022), the "Quantum Computing and Post‑Quantum Cryptography FAQ" (2022), and the formal "NSA Guidance for Transition to Quantum‑Resistant Cryptography" (2023). These documents outline recommended algorithms, migration timelines, and implementation considerations for U.S. government and industry partners.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (23)
Algorithm Migration
| Code | Title |
|---|---|
| QRCM-3.1 | Hybrid Solution Deployment (2025-2030) |
| QRCM-3.2 | CNSA 2.0 Algorithm Preference |
| QRCM-3.3 | RSA/ECC Deprecation |
Architecture
| Code | Title |
|---|---|
| QRMIG-07 | Cryptographic Agility |
Assurance
| Code | Title |
|---|---|
| QRMIG-16 | Testing and Validation Programme |
| QRMIG-19 | Post Migration Assurance |
Cloud
| Code | Title |
|---|---|
| QRMIG-11 | Cloud Service Transition |
Communications
| Code | Title |
|---|---|
| QRMIG-17 | Communication and Stakeholder Reporting |
Cryptographic Inventory and Discovery
| Code | Title |
|---|---|
| QRCM-1.1 | Cryptographic Asset Inventory |
| QRCM-1.2 | Quantum-Vulnerable Identification |
| QRCM-1.3 | Data Classification for Migration |
Decommissioning
| Code | Title |
|---|---|
| QRMIG-20 | Decommissioning of Legacy Cryptography |
Federal Compliance
| Code | Title |
|---|---|
| QRCM-4.1 | NSM-10 Compliance |
| QRCM-4.2 | TLS 1.3 Adoption |
| QRCM-4.3 | Quantum-Safe Product Categories |
Identity
| Code | Title |
|---|---|
| QRMIG-12 | Identity Federation and Smart Cards |
Inventory
| Code | Title |
|---|---|
| QRMIG-02 | Cryptographic Asset Discovery |
Key Management
| Code | Title |
|---|---|
| QRMIG-09 | Key Management Modernisation |
Migration Planning
Transitioning to post-quantum cryptography
Network Security
| Code | Title |
|---|---|
| QRMIG-13 | Network Device Transition |
OT and Embedded
| Code | Title |
|---|---|
| QRMIG-14 | Operational Technology |
PKI
| Code | Title |
|---|---|
| QRMIG-08 | Public Key Infrastructure Update |
Pilot Programme
| Code | Title |
|---|---|
| QRMIG-05 | Pilot Implementation |
Programme Governance
| Code | Title |
|---|---|
| QRMIG-01 | Migration Programme Establishment |
Records
| Code | Title |
|---|---|
| QRMIG-15 | Records Retention and Long Lived Data |
Risk Assessment
| Code | Title |
|---|---|
| QRMIG-03 | Prioritisation and Risk Assessment |
Software Engineering
| Code | Title |
|---|---|
| QRMIG-10 | Application Code Refactor |
Supply Chain
| Code | Title |
|---|---|
| QRMIG-04 | Vendor Engagement and Roadmaps |
Transition Operations
| Code | Title |
|---|---|
| QRMIG-06 | Hybrid Algorithm Strategy |
Workforce
| Code | Title |
|---|---|
| QRMIG-18 | Training and Capability Building |
Your Compliance Coverage
If you comply with NSA Guidance for Transition to Quantum-Resistant Cryptography, you already cover:
SLSA
17%
5 controls mapped
Compare →SIG (Shared Assessments)
17%
5 controls mapped
Compare →OWASP SAMM
17%
5 controls mapped
Compare →+ 78 more: ISO/SAE 21434 (17%), ISO/IEC 27010:2015 (17%)
See all 81 mapped frameworks ↓Maps to 81 other frameworks
Frequently Asked Questions
What is NSA Guidance for Transition to Quantum-Resistant Cryptography?
NSA Guidance for Transition to Quantum-Resistant Cryptography is a compliance framework from United States (National Security Agency) with 23 domains and 29 controls. The NSA provides guidance for migrating to quantum‑resistant cryptography, including the Commercial National Security Algorithm Suite (CNSA) Suite 2.0 (2022), the "Quantum Computing and Post‑Quantum Cryptography FAQ" (2022), and the formal "NSA Guidance for Transition to Quantum‑Resistant Cryptography" (2023). These documents outline recommended algorithms, migration timelines, and implementation considerations for U.S. government and industry partners. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NSA Guidance for Transition to Quantum-Resistant Cryptography have?
NSA Guidance for Transition to Quantum-Resistant Cryptography has 29 controls organised across 23 domains. The largest domains are Algorithm Migration (3 controls), Cryptographic Inventory and Discovery (3 controls), Federal Compliance (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NSA Guidance for Transition to Quantum-Resistant Cryptography map to?
NSA Guidance for Transition to Quantum-Resistant Cryptography maps to 81 other compliance frameworks. The top mapping partners are SLSA (17% coverage), SIG (Shared Assessments) (17% coverage), OWASP SAMM (17% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NSA Guidance for Transition to Quantum-Resistant Cryptography compliance?
Start your NSA Guidance for Transition to Quantum-Resistant Cryptography compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NSA Guidance for Transition to Quantum-Resistant Cryptography requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 29 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required