Back to Frameworks
NSA Guidance for Transition to Quantum-Resistant Cryptography
United States (National Security Agency)
v2023
23 domains
29 controls
The NSA provides guidance for migrating to quantum‑resistant cryptography, including the Commercial National Security Algorithm Suite (CNSA) Suite 2.0 (2022), the "Quantum Computing and Post‑Quantum Cryptography FAQ" (2022), and the formal "NSA Guidance for Transition to Quantum‑Resistant Cryptography" (2023). These documents outline recommended algorithms, migration timelines, and implementation considerations for U.S. government and industry partners.
Verified
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (23)
Algorithm Migration
3 controls
| Code | Title |
|---|---|
| QRCM-3.1 | Hybrid Solution Deployment (2025-2030) |
| QRCM-3.2 | CNSA 2.0 Algorithm Preference |
| QRCM-3.3 | RSA/ECC Deprecation |
Architecture
1 controls
| Code | Title |
|---|---|
| QRMIG-07 | Cryptographic Agility |
Assurance
2 controls
| Code | Title |
|---|---|
| QRMIG-16 | Testing and Validation Programme |
| QRMIG-19 | Post Migration Assurance |
Cloud
1 controls
| Code | Title |
|---|---|
| QRMIG-11 | Cloud Service Transition |
Communications
1 controls
| Code | Title |
|---|---|
| QRMIG-17 | Communication and Stakeholder Reporting |
Cryptographic Inventory and Discovery
3 controls
| Code | Title |
|---|---|
| QRCM-1.1 | Cryptographic Asset Inventory |
| QRCM-1.2 | Quantum-Vulnerable Identification |
| QRCM-1.3 | Data Classification for Migration |
Decommissioning
1 controls
| Code | Title |
|---|---|
| QRMIG-20 | Decommissioning of Legacy Cryptography |
Federal Compliance
3 controls
| Code | Title |
|---|---|
| QRCM-4.1 | NSM-10 Compliance |
| QRCM-4.2 | TLS 1.3 Adoption |
| QRCM-4.3 | Quantum-Safe Product Categories |
Identity
1 controls
| Code | Title |
|---|---|
| QRMIG-12 | Identity Federation and Smart Cards |
Inventory
1 controls
| Code | Title |
|---|---|
| QRMIG-02 | Cryptographic Asset Discovery |
Key Management
1 controls
| Code | Title |
|---|---|
| QRMIG-09 | Key Management Modernisation |
Migration Planning
0 controls
Transitioning to post-quantum cryptography
Network Security
1 controls
| Code | Title |
|---|---|
| QRMIG-13 | Network Device Transition |
OT and Embedded
1 controls
| Code | Title |
|---|---|
| QRMIG-14 | Operational Technology |
PKI
1 controls
| Code | Title |
|---|---|
| QRMIG-08 | Public Key Infrastructure Update |
Pilot Programme
1 controls
| Code | Title |
|---|---|
| QRMIG-05 | Pilot Implementation |
Programme Governance
1 controls
| Code | Title |
|---|---|
| QRMIG-01 | Migration Programme Establishment |
Records
1 controls
| Code | Title |
|---|---|
| QRMIG-15 | Records Retention and Long Lived Data |
Risk Assessment
1 controls
| Code | Title |
|---|---|
| QRMIG-03 | Prioritisation and Risk Assessment |
Software Engineering
1 controls
| Code | Title |
|---|---|
| QRMIG-10 | Application Code Refactor |
Supply Chain
1 controls
| Code | Title |
|---|---|
| QRMIG-04 | Vendor Engagement and Roadmaps |
Transition Operations
1 controls
| Code | Title |
|---|---|
| QRMIG-06 | Hybrid Algorithm Strategy |
Workforce
1 controls
| Code | Title |
|---|---|
| QRMIG-18 | Training and Capability Building |
Your Compliance Coverage
If you comply with NSA Guidance for Transition to Quantum-Resistant Cryptography, you already cover:
Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1
17%
5 controls mapped
Compare →NIST SP 800-137
17%
5 controls mapped
Compare →MITRE D3FEND
17%
5 controls mapped
Compare →+ 274 more: Proposal for a Regulation on Cyber Resilience Act (CRA) (17%), NIST SP 800-123 (17%)
See all 277 mapped frameworks ↓Maps to 277 other frameworks
29 total controls
Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1
5 source controls mapped|5 target controls covered
17%
NIST SP 800-137
5 source controls mapped|6 target controls covered
17%
MITRE D3FEND
5 source controls mapped|7 target controls covered
17%
Proposal for a Regulation on Cyber Resilience Act (CRA)
5 source controls mapped|7 target controls covered
17%
NIST SP 800-123
5 source controls mapped|6 target controls covered
17%
BSIMM
5 source controls mapped|7 target controls covered
17%
NIST SP 800-61
5 source controls mapped|7 target controls covered
17%
NIST SP 800-88
5 source controls mapped|6 target controls covered
17%
OpenSSF Scorecard
5 source controls mapped|7 target controls covered
17%
OWASP MASVS
5 source controls mapped|7 target controls covered
17%
ISO 27002:2022
5 source controls mapped|6 target controls covered
17%
MITRE ATT&CK
5 source controls mapped|7 target controls covered
17%
OWASP ASVS
5 source controls mapped|6 target controls covered
17%
CFTC System Safeguards (17 CFR 37, 38, 39, 49)
5 source controls mapped|3 target controls covered
17%
GLI-33 - Gaming Laboratories International Event Wagering Systems
5 source controls mapped|3 target controls covered
17%
EIOPA Guidelines on ICT Security and Governance (EIOPA‑BoS‑23/146, 2023)
5 source controls mapped|3 target controls covered
17%
TISAX - Trusted Information Security Assessment Exchange
5 source controls mapped|4 target controls covered
17%
Telecommunications Sector Security Reforms (TSSR)
5 source controls mapped|3 target controls covered
17%
Defence Security Principles Framework (DSPF)
5 source controls mapped|3 target controls covered
17%
Protective Security Policy Framework (PSPF) Release 2024
5 source controls mapped|3 target controls covered
17%
NIST SP 800-63-4
5 source controls mapped|6 target controls covered
17%
PTES
5 source controls mapped|6 target controls covered
17%
ETSI EN 303 645
5 source controls mapped|7 target controls covered
17%
3GPP Security
5 source controls mapped|7 target controls covered
17%
California IoT Security Law
5 source controls mapped|6 target controls covered
17%
NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)
5 source controls mapped|6 target controls covered
17%
ISO/SAE 21434
5 source controls mapped|6 target controls covered
17%
ISO/IEC 27010:2015
5 source controls mapped|3 target controls covered
17%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
5 source controls mapped|3 target controls covered
17%
NYDFS Cybersecurity Regulation (23 NYCRR Part 500)
5 source controls mapped|4 target controls covered
17%
HIPAA Security Rule
5 source controls mapped|3 target controls covered
17%
NIST SP 800-92
5 source controls mapped|6 target controls covered
17%
ISO 27043
5 source controls mapped|6 target controls covered
17%
ISO 27001:2022
5 source controls mapped|3 target controls covered
17%
UK PSTI Act
5 source controls mapped|6 target controls covered
17%
SSDF (NIST)
5 source controls mapped|7 target controls covered
17%
SLSA
5 source controls mapped|7 target controls covered
17%
UNECE WP.29 R156
5 source controls mapped|6 target controls covered
17%
SIG (Shared Assessments)
5 source controls mapped|6 target controls covered
17%
OWASP SAMM
5 source controls mapped|6 target controls covered
17%
UNECE WP.29 R155
5 source controls mapped|7 target controls covered
17%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
4 source controls mapped|2 target controls covered
14%
PCI DSS v4.0
4 source controls mapped|4 target controls covered
14%
Singapore Government Instruction Manual on ICT&SS Management (IM8)
4 source controls mapped|2 target controls covered
14%
PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments
4 source controls mapped|5 target controls covered
14%
Cyber Essentials Plus
4 source controls mapped|2 target controls covered
14%
NIST SP 800-53 Rev 5
4 source controls mapped|4 target controls covered
14%
Spain ENS
4 source controls mapped|2 target controls covered
14%
MTCS (Singapore)
4 source controls mapped|2 target controls covered
14%
CSA STAR (Security, Trust, Assurance, and Risk)
4 source controls mapped|2 target controls covered
14%
3GPP Security Architecture (TS 33.501 - 5G Security)
4 source controls mapped|4 target controls covered
14%
NAIC Insurance Data Security Model Law (MDL-668)
4 source controls mapped|2 target controls covered
14%
C5 (Germany)
4 source controls mapped|2 target controls covered
14%
NIST SP 800-190
4 source controls mapped|2 target controls covered
14%
NIST SP 800-145
4 source controls mapped|2 target controls covered
14%
AWS Well-Architected Security Pillar
4 source controls mapped|2 target controls covered
14%
NIST SP 800-144
4 source controls mapped|2 target controls covered
14%
NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices
4 source controls mapped|3 target controls covered
14%
Ghana Cybersecurity Act
4 source controls mapped|2 target controls covered
14%
DoD Zero Trust Reference Architecture
4 source controls mapped|2 target controls covered
14%
ISMAP (Japan)
4 source controls mapped|2 target controls covered
14%
Azure Security Benchmark
4 source controls mapped|2 target controls covered
14%
ISO 27017
4 source controls mapped|2 target controls covered
14%
Belgium CyberFundamentals
4 source controls mapped|2 target controls covered
14%
ISO 27018
4 source controls mapped|2 target controls covered
14%
FAA Cybersecurity Framework for Aviation
4 source controls mapped|1 target controls covered
14%
Oman National Cybersecurity Framework
4 source controls mapped|1 target controls covered
14%
ANSSI Cybersecurity Framework
4 source controls mapped|2 target controls covered
14%
FISMA
4 source controls mapped|2 target controls covered
14%
NIS2 Directive Implementing Acts
4 source controls mapped|2 target controls covered
14%
NIST SP 800-146
4 source controls mapped|2 target controls covered
14%
CAIQ (CSA)
4 source controls mapped|2 target controls covered
14%
BSI IT-Grundschutz
4 source controls mapped|2 target controls covered
14%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
4 source controls mapped|4 target controls covered
14%
Saudi NCA ECC
4 source controls mapped|2 target controls covered
14%
CCSDS 350.0-G-3 - Space Communications Security (Consultative Committee for Space Data Systems)
4 source controls mapped|4 target controls covered
14%
Sigstore - Software Artifact Signing and Verification
4 source controls mapped|2 target controls covered
14%
DISA Security Technical Implementation Guides (STIGs)
4 source controls mapped|4 target controls covered
14%
FERPA
3 source controls mapped|1 target controls covered
10%
EAR - Export Administration Regulations
3 source controls mapped|2 target controls covered
10%
ASD Information Security Manual (ISM)
3 source controls mapped|4 target controls covered
10%
Australian Information Security Manual
3 source controls mapped|2 target controls covered
10%
South Korea ISMS-P
3 source controls mapped|1 target controls covered
10%
ENISA Privacy‑Enhancing Technologies (PET) reports and recommendations
3 source controls mapped|2 target controls covered
10%
Nebraska Data Privacy Act
3 source controls mapped|1 target controls covered
10%
Canada ITSG-33 - IT Security Risk Management
3 source controls mapped|3 target controls covered
10%
New Zealand Information Security Manual (NZISM)
3 source controls mapped|3 target controls covered
10%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
3 source controls mapped|3 target controls covered
10%
South Korea Cloud Security Assurance Program (CSAP)
3 source controls mapped|3 target controls covered
10%
NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity
3 source controls mapped|3 target controls covered
10%
ASD Strategies to Mitigate Cyber Security Incidents
3 source controls mapped|1 target controls covered
10%
APRA CPS 234
3 source controls mapped|1 target controls covered
10%
Colorado Privacy Act
3 source controls mapped|1 target controls covered
10%
Kentucky Consumer Data Protection Act
3 source controls mapped|1 target controls covered
10%
OWASP Top 10:2025
3 source controls mapped|2 target controls covered
10%
EU Digital Markets Act
3 source controls mapped|1 target controls covered
10%
ISO/IEC 27400:2022
3 source controls mapped|1 target controls covered
10%
Monetary Authority of Singapore Technology Risk Management Guidelines
3 source controls mapped|1 target controls covered
10%
PCI SSF
3 source controls mapped|1 target controls covered
10%
NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)
3 source controls mapped|3 target controls covered
10%
ILO Nursing Personnel Convention C149 (1977)
3 source controls mapped|1 target controls covered
10%
6th Anti-Money Laundering Directive (AMLD6, Directive (EU) 2018/1673) - superseded by AMLD7
3 source controls mapped|1 target controls covered
10%
ISO 8000 - Data Quality
3 source controls mapped|1 target controls covered
10%
FATF Recommendation 16 - Virtual Asset Travel Rule
3 source controls mapped|1 target controls covered
10%
Privacy by Design (PbD) - Seven Foundational Principles
3 source controls mapped|1 target controls covered
10%
BS 65000:2014 - Guidance on Organizational Resilience
3 source controls mapped|1 target controls covered
10%
HL7 FHIR Security Framework
3 source controls mapped|2 target controls covered
10%
HKMA SPM
3 source controls mapped|1 target controls covered
10%
ISO/IEC 27011:2024
3 source controls mapped|1 target controls covered
10%
BCBS 239
3 source controls mapped|1 target controls covered
10%
MDS2 (Medical Device)
3 source controls mapped|2 target controls covered
10%
CTDPA (Connecticut Data Privacy Act)
3 source controls mapped|1 target controls covered
10%
POPIA
3 source controls mapped|1 target controls covered
10%
LGPD
3 source controls mapped|1 target controls covered
10%
NIST AI Risk Management Framework (AI RMF 1.0)
3 source controls mapped|1 target controls covered
10%
NIST AI 600-1: Generative AI Profile
3 source controls mapped|1 target controls covered
10%
Iceland DPA
3 source controls mapped|1 target controls covered
10%
APPI
3 source controls mapped|1 target controls covered
10%
IRS Publication 1075 - Tax Information Security Guidelines
3 source controls mapped|1 target controls covered
10%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
3 source controls mapped|3 target controls covered
10%
FedRAMP Rev 5
3 source controls mapped|3 target controls covered
10%
Montana Consumer Data Privacy Act
3 source controls mapped|1 target controls covered
10%
Commercial National Security Algorithm Suite (CNSA) 2.0
3 source controls mapped|3 target controls covered
10%
New Jersey Data Privacy Act
3 source controls mapped|1 target controls covered
10%
HITECH Act
3 source controls mapped|1 target controls covered
10%
Personal Data Act (personopplysningsloven)
3 source controls mapped|1 target controls covered
10%
GLBA
3 source controls mapped|1 target controls covered
10%
DORA
3 source controls mapped|1 target controls covered
10%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
3 source controls mapped|1 target controls covered
10%
ISO 27005
3 source controls mapped|1 target controls covered
10%
ISO 20000-1
3 source controls mapped|1 target controls covered
10%
ISO/IEC 42001:2023
3 source controls mapped|1 target controls covered
10%
CIS Controls v8
3 source controls mapped|2 target controls covered
10%
Philippines DPA
3 source controls mapped|1 target controls covered
10%
Philippines Data Privacy Act (RA 10173)
3 source controls mapped|1 target controls covered
10%
PSD2 SCA
3 source controls mapped|1 target controls covered
10%
Mauritius DPA
3 source controls mapped|1 target controls covered
10%
Jamaica DPA
3 source controls mapped|1 target controls covered
10%
Chile Personal Data Protection Law (Law No. 21.719)
3 source controls mapped|1 target controls covered
10%
Malaysia PDPA 2010
3 source controls mapped|1 target controls covered
10%
CNCF Security Technical Advisory Group (TAG)
3 source controls mapped|2 target controls covered
10%
ISO 13485
3 source controls mapped|2 target controls covered
10%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
3 source controls mapped|3 target controls covered
10%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
3 source controls mapped|1 target controls covered
10%
IEC 62351 - Power Systems Communication Security
3 source controls mapped|1 target controls covered
10%
COPPA
3 source controls mapped|1 target controls covered
10%
PIPEDA
3 source controls mapped|1 target controls covered
10%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
3 source controls mapped|3 target controls covered
10%
NIST Privacy Framework 1.0
3 source controls mapped|1 target controls covered
10%
Vietnam PDPD
3 source controls mapped|1 target controls covered
10%
Maryland Online Data Privacy Act of 2024
3 source controls mapped|1 target controls covered
10%
ISO 27799
3 source controls mapped|2 target controls covered
10%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
3 source controls mapped|2 target controls covered
10%
FFIEC IT Examination Handbook
3 source controls mapped|1 target controls covered
10%
FBI CJIS Security Policy
3 source controls mapped|2 target controls covered
10%
Indonesia PDP Law
3 source controls mapped|1 target controls covered
10%
O-RAN WG11 Security Specification
3 source controls mapped|1 target controls covered
10%
Iowa Consumer Data Protection Act
3 source controls mapped|1 target controls covered
10%
FDA 21 CFR Part 11
3 source controls mapped|2 target controls covered
10%
PCI PIN Security
3 source controls mapped|1 target controls covered
10%
China PIPL
3 source controls mapped|1 target controls covered
10%
Open Banking Security
3 source controls mapped|1 target controls covered
10%
MARS-E
3 source controls mapped|2 target controls covered
10%
PDPA Singapore
3 source controls mapped|1 target controls covered
10%
Switzerland FADP
3 source controls mapped|1 target controls covered
10%
Oregon Consumer Privacy Act
3 source controls mapped|1 target controls covered
10%
Peru DPL
3 source controls mapped|1 target controls covered
10%
Mexico LFPDPPP
3 source controls mapped|1 target controls covered
10%
OSFI B-13
3 source controls mapped|1 target controls covered
10%
PCI P2PE
3 source controls mapped|1 target controls covered
10%
Indiana Consumer Data Protection Act
3 source controls mapped|1 target controls covered
10%
OWASP API Security Top 10 - 2023
3 source controls mapped|1 target controls covered
10%
EDM Council CDMC - Cloud Data Management Capability Framework
3 source controls mapped|1 target controls covered
10%
Delaware Online Privacy and Protection Act (proposed)
3 source controls mapped|1 target controls covered
10%
Liechtenstein DPA
3 source controls mapped|1 target controls covered
10%
HKMA Cyber Resilience Assessment Framework (C-RAF)
3 source controls mapped|1 target controls covered
10%
EMV 3‑D Secure (3DS) - Payment Authentication Protocol
3 source controls mapped|1 target controls covered
10%
NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems
3 source controls mapped|1 target controls covered
10%
Minnesota Consumer Data Privacy Act
3 source controls mapped|1 target controls covered
10%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
3 source controls mapped|1 target controls covered
10%
UK Open Banking Standard
3 source controls mapped|2 target controls covered
10%
PDPA Thailand
3 source controls mapped|1 target controls covered
10%
Nigeria Data Protection Regulation (NDPR)
3 source controls mapped|1 target controls covered
10%
NIST SP 800-122
3 source controls mapped|1 target controls covered
10%
Digital Economy Partnership Agreement (DEPA)
3 source controls mapped|1 target controls covered
10%
FTC Safeguards Rule (16 CFR Part 314)
3 source controls mapped|1 target controls covered
10%
Privacy Act 1988 (Australia)
3 source controls mapped|1 target controls covered
10%
Privacy Act 2020
3 source controls mapped|1 target controls covered
10%
ISO 27701
3 source controls mapped|1 target controls covered
10%
NIST SP 800-66
3 source controls mapped|2 target controls covered
10%
ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary
3 source controls mapped|1 target controls covered
10%
New Hampshire Data Privacy Act
3 source controls mapped|1 target controls covered
10%
Turkey KVKK
3 source controls mapped|1 target controls covered
10%
Turkey Personal Data Protection Law (KVKK - Law No. 6698)
3 source controls mapped|1 target controls covered
10%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
3 source controls mapped|1 target controls covered
10%
UK Telecommunications (Security) Act 2021
3 source controls mapped|1 target controls covered
10%
Chile DPL
3 source controls mapped|1 target controls covered
10%
ISO 19011
3 source controls mapped|1 target controls covered
10%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
3 source controls mapped|1 target controls covered
10%
ISO 31000:2018
3 source controls mapped|1 target controls covered
10%
Law 1581 of 2012 - Statutory Framework for the Protection of Personal Data
3 source controls mapped|1 target controls covered
10%
Qatar DPL
3 source controls mapped|1 target controls covered
10%
CCPA/CPRA
3 source controls mapped|1 target controls covered
10%
NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security
3 source controls mapped|1 target controls covered
10%
Argentina PDPA
3 source controls mapped|1 target controls covered
10%
Bahrain PDPL
3 source controls mapped|1 target controls covered
10%
Law No. 172-13 on the Protection of Personal Data
3 source controls mapped|1 target controls covered
10%
Ley Orgánica de Protección de Datos Personales (LOPDP)
3 source controls mapped|1 target controls covered
10%
ESRB Privacy Certified
3 source controls mapped|2 target controls covered
10%
Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
3 source controls mapped|2 target controls covered
10%
India DPDP Act
3 source controls mapped|1 target controls covered
10%
Kenya DPA
3 source controls mapped|1 target controls covered
10%
Kenya Data Protection Act
3 source controls mapped|1 target controls covered
10%
SWIFT CSCF
3 source controls mapped|1 target controls covered
10%
US ITAR and EAR - Export Control and Data Security
3 source controls mapped|2 target controls covered
10%
US Executive Order 14028 - Improving the Nation's Cybersecurity
3 source controls mapped|1 target controls covered
10%
3GPP 5G Security Architecture (TS 33.501)
3 source controls mapped|1 target controls covered
10%
TIBER-EU (Threat Intelligence-Based Ethical Red Teaming - European Union)
3 source controls mapped|1 target controls covered
10%
Secure by Design: A Guide for Manufacturers (CISA)
3 source controls mapped|2 target controls covered
10%
Tennessee IPA
3 source controls mapped|1 target controls covered
10%
Taiwan PDPA
3 source controls mapped|1 target controls covered
10%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|1 target controls covered
10%
SOC for Cybersecurity - Cybersecurity Risk Management Examination
3 source controls mapped|1 target controls covered
10%
NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)
3 source controls mapped|2 target controls covered
10%
Rwanda DPL
3 source controls mapped|1 target controls covered
10%
UAE PDPL
3 source controls mapped|1 target controls covered
10%
AICPA SOC 3
3 source controls mapped|1 target controls covered
10%
FIDO2 and W3C WebAuthn Standard
3 source controls mapped|1 target controls covered
10%
W3C Verifiable Credentials (VC) Data Model 2.0
3 source controls mapped|1 target controls covered
10%
SWIFT CSP
3 source controls mapped|1 target controls covered
10%
RBI Cybersecurity Framework for Banks
3 source controls mapped|1 target controls covered
10%
AICPA SOC 1
3 source controls mapped|1 target controls covered
10%
SSAE 18 SOC 1 - Report on Controls at a Service Organisation (ICFR)
3 source controls mapped|1 target controls covered
10%
UK Data Protection Act 2018
3 source controls mapped|1 target controls covered
10%
UK Gambling Commission - Cyber Resilience Requirements
3 source controls mapped|1 target controls covered
10%
Virginia CDPA
3 source controls mapped|1 target controls covered
10%
Uruguay DPL
3 source controls mapped|1 target controls covered
10%
Texas Data Privacy Act
3 source controls mapped|1 target controls covered
10%
Saudi Arabia PDPL
3 source controls mapped|1 target controls covered
10%
Utah Consumer Privacy Act
3 source controls mapped|1 target controls covered
10%
RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)
3 source controls mapped|1 target controls covered
10%
IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems
1 source controls mapped|1 target controls covered
3%
ISO/IEC 38500:2024 - Governance of IT
1 source controls mapped|1 target controls covered
3%
ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)
1 source controls mapped|1 target controls covered
3%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
1 source controls mapped|1 target controls covered
3%
CISA Industrial Control Systems (ICS) Security Guidance
1 source controls mapped|1 target controls covered
3%
Australian Energy Sector Cyber Security Framework (AESCSF)
1 source controls mapped|1 target controls covered
3%
API 1164
1 source controls mapped|1 target controls covered
3%
Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022)
1 source controls mapped|1 target controls covered
3%
China Data Security Law (DSL)
1 source controls mapped|1 target controls covered
3%
IEEE 1686
1 source controls mapped|1 target controls covered
3%
NIS2 Directive
1 source controls mapped|1 target controls covered
3%
DO-326A / ED-202A
1 source controls mapped|1 target controls covered
3%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
1 source controls mapped|1 target controls covered
3%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
3%
ASEAN Data Management Framework
1 source controls mapped|1 target controls covered
3%
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
3%
US OFAC Sanctions Compliance Framework
1 source controls mapped|1 target controls covered
3%
IEC 62443
1 source controls mapped|1 target controls covered
3%
ISO 42001
1 source controls mapped|1 target controls covered
3%
OECD AI Principles
1 source controls mapped|1 target controls covered
3%
ISO 27019
1 source controls mapped|1 target controls covered
3%
IEEE 7000
1 source controls mapped|1 target controls covered
3%
BIMCO Cyber Security
1 source controls mapped|1 target controls covered
3%
C2M2
1 source controls mapped|1 target controls covered
3%
EU AI Act
1 source controls mapped|1 target controls covered
3%
21 CFR Part 211 - Current Good Manufacturing Practice
1 source controls mapped|3 target controls covered
3%
Japan AI Guidelines
1 source controls mapped|1 target controls covered
3%
NIST SP 1800-32
1 source controls mapped|1 target controls covered
3%
IEC 60601-1 - Medical Electrical Equipment Safety
1 source controls mapped|1 target controls covered
3%
Brazil AI Framework
1 source controls mapped|1 target controls covered
3%
Australia AI Ethics Framework
1 source controls mapped|1 target controls covered
3%
UK AI Regulation Framework
1 source controls mapped|1 target controls covered
3%
FDA Quality Management System Regulation (QMSR)
1 source controls mapped|1 target controls covered
3%
Singapore AI Governance Framework
1 source controls mapped|1 target controls covered
3%
SASB Standards (ISSB Integrated)
1 source controls mapped|1 target controls covered
3%
SASB Standards
1 source controls mapped|1 target controls covered
3%
Frequently Asked Questions
What is NSA Guidance for Transition to Quantum-Resistant Cryptography?
NSA Guidance for Transition to Quantum-Resistant Cryptography is a compliance framework from United States (National Security Agency) with 23 domains and 29 controls. The NSA provides guidance for migrating to quantum‑resistant cryptography, including the Commercial National Security Algorithm Suite (CNSA) Suite 2.0 (2022), the "Quantum Computing and Post‑Quantum Cryptography FAQ" (2022), and the formal "NSA Guidance for Transition to Quantum‑Resistant Cryptography" (2023). These documents outline recommended algorithms, migration timelines, and implementation considerations for U.S. government and industry partners. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NSA Guidance for Transition to Quantum-Resistant Cryptography have?
NSA Guidance for Transition to Quantum-Resistant Cryptography has 29 controls organised across 23 domains. The largest domains are Algorithm Migration (3 controls), Cryptographic Inventory and Discovery (3 controls), Federal Compliance (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NSA Guidance for Transition to Quantum-Resistant Cryptography map to?
NSA Guidance for Transition to Quantum-Resistant Cryptography maps to 277 other compliance frameworks. The top mapping partners are Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1 (17% coverage), NIST SP 800-137 (17% coverage), MITRE D3FEND (17% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NSA Guidance for Transition to Quantum-Resistant Cryptography compliance?
Start your NSA Guidance for Transition to Quantum-Resistant Cryptography compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NSA Guidance for Transition to Quantum-Resistant Cryptography requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 29 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 768 frameworks.
Get Started Free →Free forever — no credit card required