A Guide to CNSA 2.0 Compliant Cryptography Solutions

Key Takeaways

• CNSA 2.0 defines the NSA’s roadmap for quantum-safe cryptography
• A CNSA 2.0 compliant cryptography solution is becoming essential for government and defence systems
• NIST PQC standards underpin the CNSA 2.0 framework
• Organisations must begin transitioning now to meet compliance deadlines
• PQShield delivers scalable solutions aligned with CNSA 2.0 requirements

The NSA’s post-quantum roadmap

Although a cryptographically relevant quantum computer has yet to be realized, the story of quantum computing and the threat to cryptography stretches back a long way. In fact, it was understood as long ago as the 1990s that it was theoretically possible for a quantum machine to use Shor’s algorithm to put current methods of cryptography at future risk.

It was clear then, just as it is now, that the mathematics behind the scenes has an expiration date. This is what ultimately drives the need for a CNSA 2.0 compliant cryptography solution.

The shift toward post-quantum cryptography

Post-quantum cryptography began as a research interest, before becoming a growing priority for industry and government. As quantum timelines accelerated, what was once theoretical quickly became a real-world concern.

In 2015, the NSA famously updated its website to warn that a transition to quantum-resistant algorithms would be necessary ‘soon’, advising vendors not to invest in ECC (elliptic curve cryptography) as it would impendingly need to be replaced.

It was in effect, the first nail in the coffin for CNSA 1.0 and the starting pistol for what would eventually become the new recommendations for US government, CNSA 2.0.

Introduction of CNSA 2,0

CNSA 2.0, introduced in 2022 and driven by the White House’s NSM-10 memorandum, formalised this shift by:

• Recommending quantum-resistant algorithms
• Establishing clear compliance timelines

With the 2024 NIST standardisation of ML-KEM, ML-DSA and SLH-DSA, CNSA 2.0 has moved from proposal to implementation, making a CNSA 2.0 compliant cryptography solution a practical requirement.

CNSA 2.0 algorithms

CNSA 2.0 specifies both general-purpose algorithms and those specifically intended for software/firmware signing.

It’s worth noting that the suite of algorithms in CNSA 2.0 is built on a ‘defense-in-depth’ strategy. The core algorithms above rely on lattices and hashes, using different mathematical foundations for different tasks.

For example, the general-purpose algorithms, ML-KEM and ML-DSA are intended for secure communications such as TLS for web browsing, identity verification and message integrity.

The quantum threat

In addition to a future quantum computer, there is the threat of pre-emptive attacks known as Harvest Now, Decrypt Later (HNDL).

In this scenario:

• Data is intercepted and stored today
• It is decrypted later once quantum capabilities become available

CNSA 2.0 addresses this by mandating early transition. The NSA recommends:

• Building an inventory of cryptographic systems
• Prioritising high-value assets
• Accelerating migration to PQC

A CNSA 2.0 compliant cryptography solution is central to mitigating both current and future risks.

CNSA 2.0 timeline

CNSA 2.0 sets out a multi-stage roadmap that’s designed to move all NSS to PQC. The timeline is effectively as follows:

What this means for vendors and the supply chain

Naturally, the timeline serves as a procurement mandate for agencies.

Starting in 2027, any vendor selling new equipment to the US government must prove CNSA 2.0 compliance. This becomes a critical requirement, effectively acting as a checkbox for participation in government supply chains.

A catalyst for wider adoption

This shift is likely to fuel the broader technology supply chain, encouraging vendors to deploy compliance into commercial products as well.

That’s why organisations such as PQShield have been accelerating towards the use of CNSA 2.0 compliant algorithms over the last few years.

PQShield’s approach

We believe it is our mission to help empower the global technology supply chain, based on requirements that future-proof the assets of tomorrow.

Our UltraPQ suite of products is:

Focused around the use of CNSA 2.0 compliant algorithms

Cryptographically agile enough to accommodate change and future standardisations

Built on deep expertise

Our team were among the first to help co-author the NIST standards. This experience has enabled us to build IP that is:

• Performant
• Scalable
• Ready for the threats of tomorrow

Looking ahead

As the threat landscape evolves, regulatory pressure will continue to increase. CNSA 2.0 is not just guidance. It is a clear signal of where cryptography is heading.

Adopting a CNSA 2.0 compliant cryptography solution is a key step in future-proofing systems and protecting sensitive data in the quantum era.

Ready to implement a CNSA 2.0 compliant cryptography solution?

Contact PQShield to explore our solutions and start preparing for the quantum era today.

For more information, you can access CNSA 2.0 documentation here.

Frequently asked questions

What is CNSA 2.0?

CNSA 2.0 is the NSA’s updated set of cryptographic standards designed to protect national security systems from quantum threats.

What is a CNSA 2.0 compliant crypto solution?

A CNSA 2.0 compliant crypto solution uses approved algorithms such as ML-KEM and ML-DSA to meet NSA requirements.

Why is CNSA 2.0 important?

It provides a clear roadmap for transitioning to quantum-safe cryptography across government and industry.

What are the key CNSA 2.0 algorithms?

They include ML-KEM, ML-DSA, AES-256, and hash-based schemes like LMS and XMSS.

How does PQShield support CNSA 2.0?

PQShield provides hardware and software solutions aligned with CNSA 2.0 standards.