Back to Frameworks
NSA Quantum-Resistant (QR) Cryptography Migration Guidance
United States (NSA)
v2024 (ongoing)
4 domains
9 controls
The NSA has published multiple guidance documents for quantum-resistant cryptography migration beyond CNSA 2.0: 'Announcing the Commercial National Security Algorithm Suite 2.0' (2022), 'Quantum Computing and Post-Quantum Cryptography FAQ', and cybersecurity advisories on PQC transition. The guidance addresses: cryptographic agility (ability to quickly switch algorithms), risk assessment for quantum threats, prioritisation of migration activities, testing and validation of PQC implementations, supply chain considerations for PQC hardware, and coordination with allies through Five Eyes partnerships. NSA works with NIST, CISA, and international partners on PQC transition coordination.
Verified
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Algorithm Migration
3 controls
| Code | Title |
|---|---|
| QRCM-3.1 | Hybrid Solution Deployment (2025-2030) |
| QRCM-3.2 | CNSA 2.0 Algorithm Preference |
| QRCM-3.3 | RSA/ECC Deprecation |
Cryptographic Inventory and Discovery
3 controls
| Code | Title |
|---|---|
| QRCM-1.1 | Cryptographic Asset Inventory |
| QRCM-1.2 | Quantum-Vulnerable Identification |
| QRCM-1.3 | Data Classification for Migration |
Federal Compliance
3 controls
| Code | Title |
|---|---|
| QRCM-4.1 | NSM-10 Compliance |
| QRCM-4.2 | TLS 1.3 Adoption |
| QRCM-4.3 | Quantum-Safe Product Categories |
Migration Planning
0 controls
Transitioning to post-quantum cryptography
Maps to 278 other frameworks
9 total controls
CSA CCM v4
5 source controls mapped|5 target controls covered
56%
NIST SP 800-187
5 source controls mapped|6 target controls covered
56%
NIST SP 800-150
5 source controls mapped|6 target controls covered
56%
NIST SP 800-137
5 source controls mapped|6 target controls covered
56%
MITRE D3FEND
5 source controls mapped|7 target controls covered
56%
NIST SP 800-218
5 source controls mapped|7 target controls covered
56%
EU Cyber Resilience Act
5 source controls mapped|7 target controls covered
56%
NIST SP 800-123
5 source controls mapped|6 target controls covered
56%
BSIMM
5 source controls mapped|7 target controls covered
56%
NIST SP 800-61
5 source controls mapped|7 target controls covered
56%
NIST SP 800-88
5 source controls mapped|6 target controls covered
56%
OpenSSF Scorecard
5 source controls mapped|7 target controls covered
56%
NIST SP 800-181
5 source controls mapped|6 target controls covered
56%
OWASP MASVS
5 source controls mapped|7 target controls covered
56%
ISO 27002:2022
5 source controls mapped|6 target controls covered
56%
MITRE ATT&CK
5 source controls mapped|7 target controls covered
56%
OWASP ASVS
5 source controls mapped|6 target controls covered
56%
NIST SP 800-160
5 source controls mapped|6 target controls covered
56%
CFTC System Safeguards (17 CFR 37, 38, 39, 49)
5 source controls mapped|3 target controls covered
56%
GLI-33 — Gaming Laboratories International Event Wagering Systems
5 source controls mapped|3 target controls covered
56%
EIOPA Guidelines on ICT Security and Governance (2020)
5 source controls mapped|3 target controls covered
56%
TISAX — Trusted Information Security Assessment Exchange
5 source controls mapped|4 target controls covered
56%
Telecommunications Sector Security Reforms (TSSR)
5 source controls mapped|3 target controls covered
56%
Defence Security Principles Framework (DSPF)
5 source controls mapped|3 target controls covered
56%
Protective Security Policy Framework (PSPF) Release 2024
5 source controls mapped|3 target controls covered
56%
NIST SP 800-63
5 source controls mapped|6 target controls covered
56%
PTES
5 source controls mapped|6 target controls covered
56%
NIST SP 800-183
5 source controls mapped|6 target controls covered
56%
NIST SP 800-128
5 source controls mapped|6 target controls covered
56%
ETSI EN 303 645
5 source controls mapped|7 target controls covered
56%
NIST SP 800-207
5 source controls mapped|7 target controls covered
56%
3GPP Security
5 source controls mapped|6 target controls covered
56%
California IoT Security Law
5 source controls mapped|6 target controls covered
56%
NIST SP 800-115
5 source controls mapped|6 target controls covered
56%
ISO/SAE 21434
5 source controls mapped|6 target controls covered
56%
ISO/IEC 27010:2015
5 source controls mapped|3 target controls covered
56%
US Gramm-Leach-Bliley Act (GLBA) — Higher Education Safeguards Rule
5 source controls mapped|3 target controls covered
56%
NYDFS Cybersecurity Regulation (23 NYCRR Part 500)
5 source controls mapped|4 target controls covered
56%
HIPAA Security Rule
5 source controls mapped|3 target controls covered
56%
NIST SP 800-92
5 source controls mapped|6 target controls covered
56%
NIST SP 800-161
5 source controls mapped|6 target controls covered
56%
ISO 27043
5 source controls mapped|6 target controls covered
56%
ISO 27001:2022
5 source controls mapped|3 target controls covered
56%
UK PSTI Act
5 source controls mapped|6 target controls covered
56%
SSDF (NIST)
5 source controls mapped|7 target controls covered
56%
SLSA
5 source controls mapped|7 target controls covered
56%
UNECE WP.29 R156
5 source controls mapped|6 target controls covered
56%
SIG (Shared Assessments)
5 source controls mapped|6 target controls covered
56%
OWASP SAMM
5 source controls mapped|6 target controls covered
56%
UNECE WP.29 R155
5 source controls mapped|7 target controls covered
56%
UK Defence Standard 05-138 — Cyber Security for Defence Suppliers
4 source controls mapped|2 target controls covered
44%
PCI DSS v4.0
4 source controls mapped|4 target controls covered
44%
NIST SP 800-53A
4 source controls mapped|2 target controls covered
44%
NIST SP 800-172
4 source controls mapped|2 target controls covered
44%
Singapore Government Instruction Manual on ICT&SS Management (IM8)
4 source controls mapped|2 target controls covered
44%
PAS 1192-5:2015 — Security-Minded Approach to BIM and Digital Built Environments
4 source controls mapped|5 target controls covered
44%
CISA Zero Trust Maturity Model
4 source controls mapped|2 target controls covered
44%
Cyber Essentials Plus
4 source controls mapped|2 target controls covered
44%
NIST SP 800-53 Rev 5
4 source controls mapped|4 target controls covered
44%
Spain ENS
4 source controls mapped|2 target controls covered
44%
MTCS (Singapore)
4 source controls mapped|2 target controls covered
44%
CMMC 2.0
4 source controls mapped|2 target controls covered
44%
CSA STAR (Security, Trust, Assurance, and Risk)
4 source controls mapped|2 target controls covered
44%
3GPP Security Architecture (TS 33.501 — 5G Security)
4 source controls mapped|4 target controls covered
44%
NAIC Insurance Data Security Model Law (MDL-668)
4 source controls mapped|2 target controls covered
44%
C5 (Germany)
4 source controls mapped|2 target controls covered
44%
NIST SP 800-190
4 source controls mapped|2 target controls covered
44%
NIST SP 800-145
4 source controls mapped|2 target controls covered
44%
AWS Well-Architected Security Pillar
4 source controls mapped|2 target controls covered
44%
NIST SP 800-144
4 source controls mapped|2 target controls covered
44%
NIST SP 800-124 Rev 2 — Mobile Device Security
4 source controls mapped|3 target controls covered
44%
Ghana Cybersecurity Act
4 source controls mapped|2 target controls covered
44%
NIST SP 800-171
4 source controls mapped|2 target controls covered
44%
DoD Zero Trust Reference Architecture
4 source controls mapped|2 target controls covered
44%
ISMAP (Japan)
4 source controls mapped|2 target controls covered
44%
Azure Security Benchmark
4 source controls mapped|2 target controls covered
44%
ISO 27017
4 source controls mapped|2 target controls covered
44%
Belgium CyberFundamentals
4 source controls mapped|2 target controls covered
44%
ISO 27018
4 source controls mapped|2 target controls covered
44%
FAA Cybersecurity Framework for Aviation
4 source controls mapped|1 target controls covered
44%
Oman National Cybersecurity Framework
4 source controls mapped|1 target controls covered
44%
ANSSI Cybersecurity Framework
4 source controls mapped|2 target controls covered
44%
FISMA
4 source controls mapped|2 target controls covered
44%
NIS2 Directive Implementing Acts
4 source controls mapped|2 target controls covered
44%
NIST SP 800-146
4 source controls mapped|2 target controls covered
44%
CAIQ (CSA)
4 source controls mapped|2 target controls covered
44%
BSI IT-Grundschutz
4 source controls mapped|2 target controls covered
44%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
4 source controls mapped|4 target controls covered
44%
Saudi NCA ECC
4 source controls mapped|2 target controls covered
44%
CCSDS 350.0-G-3 — Space Communications Security (Consultative Committee for Space Data Systems)
4 source controls mapped|4 target controls covered
44%
DISA Security Technical Implementation Guides (STIGs)
4 source controls mapped|4 target controls covered
44%
FERPA
3 source controls mapped|1 target controls covered
33%
EAR — Export Administration Regulations
3 source controls mapped|2 target controls covered
33%
ASD Information Security Manual (ISM)
3 source controls mapped|4 target controls covered
33%
South Korea ISMS-P
3 source controls mapped|1 target controls covered
33%
ENISA Privacy Enhancing Technologies (PETs) Guidance
3 source controls mapped|2 target controls covered
33%
Nebraska Data Privacy Act
3 source controls mapped|1 target controls covered
33%
Canada ITSG-33 — IT Security Risk Management
3 source controls mapped|3 target controls covered
33%
New Zealand Information Security Manual (NZISM)
3 source controls mapped|3 target controls covered
33%
MARS-E — Minimum Acceptable Risk Standards for Exchanges
3 source controls mapped|3 target controls covered
33%
South Korea Cloud Security Assurance Program (CSAP)
3 source controls mapped|3 target controls covered
33%
NRC 10 CFR 73.54 — Nuclear Facility Cybersecurity
3 source controls mapped|3 target controls covered
33%
ASD Strategies to Mitigate Cyber Security Incidents
3 source controls mapped|1 target controls covered
33%
APRA CPS 234
3 source controls mapped|1 target controls covered
33%
Colorado Privacy Act
3 source controls mapped|1 target controls covered
33%
Kentucky Consumer Data Protection Act
3 source controls mapped|1 target controls covered
33%
OWASP Top 10:2025
3 source controls mapped|2 target controls covered
33%
EU Digital Markets Act
3 source controls mapped|1 target controls covered
33%
ISO/IEC 27400:2022
3 source controls mapped|1 target controls covered
33%
MAS TRM
3 source controls mapped|1 target controls covered
33%
PCI SSF
3 source controls mapped|1 target controls covered
33%
NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)
3 source controls mapped|3 target controls covered
33%
ILO Nursing Personnel Convention C149 (1977)
3 source controls mapped|1 target controls covered
33%
EU Anti-Money Laundering Directive (AMLD6 / Directive 2018/1673)
3 source controls mapped|1 target controls covered
33%
ISO 8000 — Data Quality
3 source controls mapped|1 target controls covered
33%
FATF Recommendation 16 — Virtual Asset Travel Rule
3 source controls mapped|1 target controls covered
33%
Privacy by Design (PbD) — Seven Foundational Principles
3 source controls mapped|1 target controls covered
33%
BS 65000:2014 — Guidance on Organizational Resilience
3 source controls mapped|1 target controls covered
33%
HL7 FHIR Security Framework
3 source controls mapped|2 target controls covered
33%
HKMA SPM
3 source controls mapped|1 target controls covered
33%
ISO/IEC 27011:2024
3 source controls mapped|1 target controls covered
33%
BCBS 239
3 source controls mapped|1 target controls covered
33%
MDS2 (Medical Device)
3 source controls mapped|2 target controls covered
33%
Connecticut DPA
3 source controls mapped|1 target controls covered
33%
POPIA
3 source controls mapped|1 target controls covered
33%
LGPD
3 source controls mapped|1 target controls covered
33%
NIST AI Risk Management Framework (AI RMF 1.0)
3 source controls mapped|1 target controls covered
33%
NIST AI 600-1 Generative AI Profile
3 source controls mapped|1 target controls covered
33%
Iceland DPA
3 source controls mapped|1 target controls covered
33%
APPI
3 source controls mapped|1 target controls covered
33%
IRS Publication 1075 — Tax Information Security Guidelines
3 source controls mapped|1 target controls covered
33%
NIST SP 800-171A Rev 3 — Assessing CUI Security Requirements
3 source controls mapped|3 target controls covered
33%
FedRAMP Rev 5
3 source controls mapped|3 target controls covered
33%
Montana Consumer Data Privacy Act
3 source controls mapped|1 target controls covered
33%
NSA CNSA Suite 2.0 — Commercial National Security Algorithm Suite
3 source controls mapped|3 target controls covered
33%
New Jersey Data Privacy Act
3 source controls mapped|1 target controls covered
33%
HITECH Act
3 source controls mapped|1 target controls covered
33%
Norway PDPA
3 source controls mapped|1 target controls covered
33%
GLBA
3 source controls mapped|1 target controls covered
33%
DORA
3 source controls mapped|1 target controls covered
33%
AS9100D:2016 — Quality Management Systems for Aviation, Space, and Defence
3 source controls mapped|1 target controls covered
33%
Philippines DPA
3 source controls mapped|1 target controls covered
33%
PSD2 SCA
3 source controls mapped|1 target controls covered
33%
Mauritius DPA
3 source controls mapped|1 target controls covered
33%
Jamaica DPA
3 source controls mapped|1 target controls covered
33%
Chile Personal Data Protection Law (Law No. 21.719)
3 source controls mapped|1 target controls covered
33%
Malaysia PDPA 2010
3 source controls mapped|1 target controls covered
33%
CNCF Cloud Native Security (Cloud Native Computing Foundation)
3 source controls mapped|2 target controls covered
33%
ISO 13485
3 source controls mapped|2 target controls covered
33%
ISO/IEC 23837 — Security Requirements for Quantum Key Distribution
3 source controls mapped|3 target controls covered
33%
ISO/IEC 29115:2023 — Entity Authentication Assurance Framework
3 source controls mapped|1 target controls covered
33%
IEC 62351 — Power Systems Communication Security
3 source controls mapped|1 target controls covered
33%
COPPA
3 source controls mapped|1 target controls covered
33%
PIPEDA
3 source controls mapped|1 target controls covered
33%
NIST SP 800-171A — Assessing CUI Security Requirements
3 source controls mapped|3 target controls covered
33%
NIST Privacy Framework 1.0
3 source controls mapped|1 target controls covered
33%
Vietnam PDPD
3 source controls mapped|1 target controls covered
33%
Maryland Online Data Privacy Act
3 source controls mapped|1 target controls covered
33%
ISO 27799
3 source controls mapped|2 target controls covered
33%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
3 source controls mapped|2 target controls covered
33%
FFIEC IT Examination Handbook
3 source controls mapped|1 target controls covered
33%
FBI CJIS Security Policy
3 source controls mapped|2 target controls covered
33%
Indonesia PDP Law
3 source controls mapped|1 target controls covered
33%
O-RAN Alliance Security Specifications (O-RAN.WG11)
3 source controls mapped|1 target controls covered
33%
Iowa Consumer Data Protection Act
3 source controls mapped|1 target controls covered
33%
FDA 21 CFR Part 11
3 source controls mapped|2 target controls covered
33%
PCI PIN Security
3 source controls mapped|1 target controls covered
33%
China PIPL
3 source controls mapped|1 target controls covered
33%
Open Banking Security
3 source controls mapped|1 target controls covered
33%
MARS-E
3 source controls mapped|2 target controls covered
33%
PDPA Singapore
3 source controls mapped|1 target controls covered
33%
Switzerland FADP
3 source controls mapped|1 target controls covered
33%
Oregon Consumer Privacy Act
3 source controls mapped|1 target controls covered
33%
Peru DPL
3 source controls mapped|1 target controls covered
33%
Mexico LFPDPPP
3 source controls mapped|1 target controls covered
33%
OSFI B-13
3 source controls mapped|1 target controls covered
33%
PCI P2PE
3 source controls mapped|1 target controls covered
33%
Indiana Consumer Data Protection Act
3 source controls mapped|1 target controls covered
33%
OWASP API Security Top 10:2023
3 source controls mapped|1 target controls covered
33%
EDM Council CDMC — Cloud Data Management Capabilities Framework
3 source controls mapped|1 target controls covered
33%
Delaware Personal Data Privacy Act
3 source controls mapped|1 target controls covered
33%
Liechtenstein DPA
3 source controls mapped|1 target controls covered
33%
HKMA Cyber Resilience Assessment Framework (C-RAF)
3 source controls mapped|1 target controls covered
33%
EMV 3-D Secure (3DS2) — Payment Authentication Protocol
3 source controls mapped|1 target controls covered
33%
NIST SP 800-34 Rev 1 — Contingency Planning Guide
3 source controls mapped|1 target controls covered
33%
Minnesota Consumer Data Privacy Act
3 source controls mapped|1 target controls covered
33%
ISO/IEC 27557:2022 — Organisational Privacy Risk Management
3 source controls mapped|1 target controls covered
33%
UK Open Banking Standard
3 source controls mapped|2 target controls covered
33%
PDPA Thailand
3 source controls mapped|1 target controls covered
33%
Nigeria NDPR
3 source controls mapped|1 target controls covered
33%
NIST SP 800-122
3 source controls mapped|1 target controls covered
33%
Digital Economy Partnership Agreement (DEPA)
3 source controls mapped|1 target controls covered
33%
FTC Safeguards Rule (16 CFR Part 314)
3 source controls mapped|1 target controls covered
33%
Privacy Act 1988 (Australia)
3 source controls mapped|1 target controls covered
33%
New Zealand Privacy Act
3 source controls mapped|1 target controls covered
33%
ISO 27701
3 source controls mapped|1 target controls covered
33%
NIST SP 800-66
3 source controls mapped|2 target controls covered
33%
ISO 22739:2024 — Blockchain and Distributed Ledger Technologies Vocabulary
3 source controls mapped|1 target controls covered
33%
New Hampshire Privacy Act
3 source controls mapped|1 target controls covered
33%
Turkey KVKK
3 source controls mapped|1 target controls covered
33%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
3 source controls mapped|1 target controls covered
33%
UK Telecommunications (Security) Act 2021
3 source controls mapped|1 target controls covered
33%
Chile DPL
3 source controls mapped|1 target controls covered
33%
Colombia Habeas Data Law
3 source controls mapped|1 target controls covered
33%
Qatar DPL
3 source controls mapped|1 target controls covered
33%
CCPA/CPRA
3 source controls mapped|1 target controls covered
33%
NIST SP 800-82 Rev 3 — Guide to OT Security
3 source controls mapped|1 target controls covered
33%
Argentina PDPA
3 source controls mapped|1 target controls covered
33%
Bahrain PDPL
3 source controls mapped|1 target controls covered
33%
Dominican Republic DPL
3 source controls mapped|1 target controls covered
33%
Ecuador LOPDP
3 source controls mapped|1 target controls covered
33%
ESRB Privacy Certified Programme
3 source controls mapped|2 target controls covered
33%
Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
3 source controls mapped|2 target controls covered
33%
India DPDP Act
3 source controls mapped|1 target controls covered
33%
Kenya DPA
3 source controls mapped|1 target controls covered
33%
SWIFT CSCF
3 source controls mapped|1 target controls covered
33%
US ITAR and EAR — Export Control and Data Security
3 source controls mapped|2 target controls covered
33%
US Executive Order 14028 — Improving the Nation's Cybersecurity
3 source controls mapped|1 target controls covered
33%
3GPP 5G Security Architecture (TS 33.501)
3 source controls mapped|1 target controls covered
33%
ECB TIBER-EU
3 source controls mapped|1 target controls covered
33%
CISA Secure by Design Principles
3 source controls mapped|2 target controls covered
33%
Tennessee IPA
3 source controls mapped|1 target controls covered
33%
Taiwan PDPA
3 source controls mapped|1 target controls covered
33%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|1 target controls covered
33%
SOC for Cybersecurity — Cybersecurity Risk Management Examination
3 source controls mapped|1 target controls covered
33%
NATO STANAG 4774/4778 — Confidentiality Metadata Labels
3 source controls mapped|2 target controls covered
33%
Rwanda DPL
3 source controls mapped|1 target controls covered
33%
UAE PDPL
3 source controls mapped|1 target controls covered
33%
AICPA SOC 3
3 source controls mapped|1 target controls covered
33%
FIDO2 and W3C WebAuthn Standard
3 source controls mapped|1 target controls covered
33%
W3C Verifiable Credentials (VC) Data Model 2.0
3 source controls mapped|1 target controls covered
33%
SWIFT CSP
3 source controls mapped|1 target controls covered
33%
RBI Cybersecurity Framework for Banks
3 source controls mapped|1 target controls covered
33%
AICPA SOC 1
3 source controls mapped|1 target controls covered
33%
UK Data Protection Act 2018
3 source controls mapped|1 target controls covered
33%
UK Gambling Commission — Cyber Resilience Requirements
3 source controls mapped|1 target controls covered
33%
Virginia CDPA
3 source controls mapped|1 target controls covered
33%
Uruguay DPL
3 source controls mapped|1 target controls covered
33%
Texas Data Privacy Act
3 source controls mapped|1 target controls covered
33%
Saudi Arabia PDPL
3 source controls mapped|1 target controls covered
33%
Utah Consumer Privacy Act
3 source controls mapped|1 target controls covered
33%
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21)
3 source controls mapped|1 target controls covered
33%
IACS Unified Requirements E26/E27 — Cyber Resilience of Ships and On-Board Systems
1 source controls mapped|1 target controls covered
11%
ISO/IEC 38500:2024 — Governance of IT
1 source controls mapped|1 target controls covered
11%
ISO 19650 — Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)
1 source controls mapped|1 target controls covered
11%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04)
1 source controls mapped|1 target controls covered
11%
CISA ICS-CERT Advisories and Industrial Control Systems Security Guidelines
1 source controls mapped|1 target controls covered
11%
Australian Energy Sector Cyber Security Framework (AESCSF)
1 source controls mapped|1 target controls covered
11%
API 1164
1 source controls mapped|1 target controls covered
11%
China AI Regulations
1 source controls mapped|1 target controls covered
11%
China Data Security Law (DSL)
1 source controls mapped|1 target controls covered
11%
IEEE 1686
1 source controls mapped|1 target controls covered
11%
NIS2 Directive
1 source controls mapped|1 target controls covered
11%
DO-326A
1 source controls mapped|1 target controls covered
11%
ISO 14064 — Greenhouse Gas Accounting and Verification (Parts 1-3)
1 source controls mapped|1 target controls covered
11%
COSO Internal Control — Integrated Framework (2013)
1 source controls mapped|1 target controls covered
11%
ASEAN Data Management Framework
1 source controls mapped|1 target controls covered
11%
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
11%
US OFAC Sanctions Compliance Framework
1 source controls mapped|1 target controls covered
11%
IEC 62443
1 source controls mapped|1 target controls covered
11%
ISO 42001
1 source controls mapped|1 target controls covered
11%
OECD AI Principles
1 source controls mapped|1 target controls covered
11%
ISO 27019
1 source controls mapped|1 target controls covered
11%
IEEE 7000
1 source controls mapped|1 target controls covered
11%
BIMCO Cyber Security
1 source controls mapped|1 target controls covered
11%
C2M2
1 source controls mapped|1 target controls covered
11%
EU AI Act
1 source controls mapped|1 target controls covered
11%
21 CFR Part 211 — Current Good Manufacturing Practice
1 source controls mapped|3 target controls covered
11%
Japan AI Guidelines
1 source controls mapped|1 target controls covered
11%
NIST SP 1800-32
1 source controls mapped|1 target controls covered
11%
IEC 60601-1 — Medical Electrical Equipment Safety
1 source controls mapped|1 target controls covered
11%
Brazil AI Framework
1 source controls mapped|1 target controls covered
11%
Australia AI Ethics Framework
1 source controls mapped|1 target controls covered
11%
UK AI Regulation Framework
1 source controls mapped|1 target controls covered
11%
FDA Quality Management System Regulation (QMSR)
1 source controls mapped|1 target controls covered
11%
Singapore AI Governance Framework
1 source controls mapped|1 target controls covered
11%
SASB Standards (ISSB Integrated)
1 source controls mapped|1 target controls covered
11%
SASB Standards
1 source controls mapped|1 target controls covered
11%
Frequently Asked Questions
What is NSA Quantum-Resistant (QR) Cryptography Migration Guidance?
NSA Quantum-Resistant (QR) Cryptography Migration Guidance is a compliance framework from United States (NSA) with 4 domains and 9 controls. The NSA has published multiple guidance documents for quantum-resistant cryptography migration beyond CNSA 2.0: 'Announcing the Commercial National Security Algorithm Suite 2.0' (2022), 'Quantum Computing and Post-Quantum Cryptography FAQ', and cybersecurity advisories on PQC transition. The guidance addresses: cryptographic agility (ability to quickly switch algorithms), risk assessment for quantum threats, prioritisation of migration activities, testing and validation of PQC implementations, supply chain considerations for PQC hardware, and coordination with allies through Five Eyes partnerships. NSA works with NIST, CISA, and international partners on PQC transition coordination. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NSA Quantum-Resistant (QR) Cryptography Migration Guidance have?
NSA Quantum-Resistant (QR) Cryptography Migration Guidance has 9 controls organised across 4 domains. The largest domains are Algorithm Migration (3 controls), Cryptographic Inventory and Discovery (3 controls), Federal Compliance (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NSA Quantum-Resistant (QR) Cryptography Migration Guidance map to?
NSA Quantum-Resistant (QR) Cryptography Migration Guidance maps to 278 other compliance frameworks. The top mapping partners are CSA CCM v4 (56% coverage), NIST SP 800-187 (56% coverage), NIST SP 800-150 (56% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NSA Quantum-Resistant (QR) Cryptography Migration Guidance compliance?
Start your NSA Quantum-Resistant (QR) Cryptography Migration Guidance compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NSA Quantum-Resistant (QR) Cryptography Migration Guidance requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 9 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.
Get Started Free →Free forever — no credit card required