CISA publishes a post-quantum shopping list for agencies. Security professionals aren’t sold
The Cybersecurity and Infrastructure Security Agency is hoping to guide federal agencies through the murky process of updating their technology stack with quantum-resistant encryption.
On Jan. 23, the agency released a list of different IT software and hardware products that are commonly purchased by the federal government and use cryptographic algorithms for encryption or authentication.
The guidance covers cloud services like Platform-as-a-Service and Infrastructure-as-a-Service, collaboration software, web software like browsers and servers, and endpoint security tools that provide full disk and at-rest data encryption.
CISA pointed to these products as examples where hardware and software post-quantum cryptography standards are “widely available” and designed “to protect sensitive information…including after the advent of a cryptographically relevant quantum computer (CRQC).”
Federal agencies and the private sector are preparing for the long-term threat posed by quantum computers, which many cryptographers believe will one day be able to break through some forms of classical encryption.
The federal government is currently operating under an executive order mandating that agencies shift most of their high-value systems and devices to post-quantum encryption by 2035. Last year, the Trump administration held discussions with allies and quantum industry executives about a potential executive order that would further move up that timeline.
National security officials have cited concerns that foreign nations could be harvesting encrypted data now in the hopes of accessing it once a quantum codebreaking computer is developed. Industry executives have also pointed to lingering concerns around China’s burgeoning quantum industry as another factor making U.S. businesses and policymakers in Washington nervous.
However, the transition to quantum-resistant encryption protocols is expected to be a massive societal task, one that will require parallel collaboration and buy-in not only from hardware and software vendors but also from the constellation of standards bodies, protocols and backend processes that help transport data across the internet.
That reality can lead to an uneven procurement field for buyers, who are being pressed to purchase and implement post-quantum encryption solutions today.
Alongside the more mature industries, CISA also listed a variety of other technologies – including networking hardware and software, Software-as-a-Service, security tools like password managers and intrusion detection systems – as product categories where implementation and testing of PQC capabilities is “encouraged” by manufacturers.
Even the list of seemingly “PQC safe” technologies offered by CISA comes with a caveat: most have post-quantum standards in place for key encapsulation and key agreement, but not for digital signatures or authentication.
Adopting newer post-quantum cryptography will also require redesigning much of the core backend infrastructure that encrypts our data across the internet. Major internet cryptographic protocols like Secure Shell Protocol (SSH) and Transport Layer Security have done some foundational work in this area.
But Surabhi Dahal of Encryption Consulting noted in September that “most protocols are still in the early stages, with proposals being drafted, prototypes being and testing underway to determine how quantum-safe methods can be integrated into existing systems.”
A 2024 study from the Department of Energy’s Pacific Northwest National Laboratory looked at technical challenges associated with post-quantum migration in just one industrial sector: electric vehicle charging infrastructure. The study found companies faced numerous internal and external obstacles, including “interoperability concerns, the computational and memory demands of PQC algorithms, and the organizational readiness for such a transition.”
Roberta Faux, head of cryptography and field chief technology officer at Arqit, a firm that provides post-quantum encryption services, told CyberScoop that CISA’s guide “omits much” detail needed to credibly guide organizations as they navigate their post-quantum security options.
For instance, she said the document provides little to no insight on how to set up cryptographic inventories or timelines, what performance data should be used to measure tradeoffs, or how CISA measures or defines what it means by “PQC-capable,” and offers no guidance on how to set up hybrid models.
The document “ends up feeling optimized for procurement compliance rather than security outcomes,” she said.
Peter Bentley, chief operating officer for Patero, another post-quantum encryption company, expressed similar sentiments, noting that “the hardest part isn’t selecting a post-quantum algorithm—it’s knowing where cryptography actually lives” because most organizations don’t have detailed inventories.
“Without that visibility, and arguably developing a Cryptographic Discovery and Inventory best practice, ‘PQC-enabled’ becomes a marketing label instead of a verifiable capability, especially in hybrid or mixed-vendor environments,” Bentley said.
Faux said CISA’s guidance also “concedes a weakness in today’s post-quantum transition,” namely that most vendor offerings labeled as “PQC-capable” really only address parts of the cryptographic process, leaving some functions, like digital signatures and key establishment, with the same classical forms of encryption policymakers are trying to replace.
Cryptographic transitions, she said, are measured in decades, largely due to the time it takes to work out interoperability, performance and operational tradeoffs, with the result being “an extended period of half-measures.”
One footnote in the agency guidance acknowledges that two of the post-quantum algorithms approved by the National Institute of Standards and Technology, ML-DSA and SLH-DSA, currently lack production-ready support for implementation. Faux noted that “this is not a minor caveat.”
“Key agreement without quantum-safe authentication provides limited protection,” she said. “An attacker can still forge certificates, impersonate endpoints, or conduct man-in-the-middle attacks, even if the session keys are quantum-resistant. In this context, ‘partial resistance’ is functionally equivalent to no resistance.”