CISA helps identify product categories ready for transition to PQC

One of the outcomes of the White House’s 2025 Executive Orders (Strengthening the Nation’s Cybersecurity) is that CISA is required to provide regular guidance for PQC adoption. Now, in 2026, the agency has published what might be a watershed document on PQC procurement for US federal agencies.

It’s a significant point, marking the moment at which the guidance moves from theoretical planning to real action – standardizing the ‘what’ and the ‘how’ for CIOs and driving much of the supply chain ecosystem towards compliance.

With the threat of Harvest-Now-Decrypt-Later (HNDL), there’s an urgent need to identify which products are ready now, enabling organizations to start protecting data immediately, so that assets stolen in 2026 can’t be decrypted in ten years’ time.

The core message of CISA’s publication, titled Product Categories for Technologies That Use Post-Quantum Cryptography Standards, is that there needs to be a shift in procurement strategy. If there is a product category where PQC is ‘widely available’, organizations should ‘plan acquisitions to procure only PQC-capable products from that category’. For example:

Widely available PQC

  • Web software – Browsers and web servers
  • Cloud services – Platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS)
  • Collaboration software – Chat and messaging platforms
  • Endpoint Security – DAR (Data At Rest) security and full disk encryption

CISA notes that these categories are often quantum-resistant for data protection, even if they aren’t yet fully resistant for all digital signatures. In general, PQC standards (ML-KEM) are already integrated and accessible in the marketplace for these categories.

Transitioning categories

Naturally, this means that there are several areas where PQC is not yet ‘widely available’, which could be treated as a ‘watch list’ for future procurement. The report specifies these as ‘technologies currently transitioning’. They include:

  • Networking – Routers, firewalls, proxy servers, switches and appliances
  • Identity management – ID management systems, providers, certificate authorities, HSMs
  • Enterprise security – Continuous diagnostics, SIEM tools, intrusion detection, and password managers
  • Peripherals – Office tech, email servers, hypervisors, wireless devices
  • Telecoms hardware – VoIP, phone systems
  • Data storage – Database, SQL servers

Interestingly, CISA excludes what it refers to as ‘non-traditional’ IT such as operational technology and IoT devices. It’s worth noting that the guidance considers these to be transitioning towards PQC. Certainly, for us at PQShield, this category is important in both hardware and software, and we have a number of solutions that are NIST-standards compliant for these use cases.

Algorithm Certainty

CISA provides clarity on acceptable algorithms, preventing a fragmented range of solutions using different mathematics. Perhaps unsurprisingly, it cements the NIST standards ML-KEM, ML-DSA and SLH-DSA as the approach that must be taken, along with NIST SP 800-208 (LMS, HSS, XMSS and XMSS^MT) for stateful hash-based digital signature algorithms. Table 1 in the document provides further information.

Why is this important?

This guidance highlights a shift in how things are built.

By defining categories that are already PQC-ready (such as many built by PQShield) and distinguishing them from product categories that are ‘transitioning’, CISA has focused the market on fixing what’s ready now, splitting those product categories out from the watch list of categories that are in development. For the US government, this pushes agencies to protect national security systems against the threat of HNDL, and for tech vendors it creates a commercial necessity to implement the NIST PQC standards in the supply chain.

You can read the full guidance here to find out more about CISA’s approach. Also, don’t forget to check out PQShield’s products page to see how we’re already helping the supply chain with our UltraPQ suite of product IP.