White house

Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity - Key Takeaways on PQC

On January 16th, the White House issued an Executive Order outlining actionable strategies to safeguard the nation’s cybersecurity.

Section 4 of the order focuses on Securing Federal Government Communications and, in addition to addressing identity authentication, encryption, and Internet traffic, it also highlights the quantum computing threat to today’s cryptographic landscape. It outlines the urgency of adopting Post Quantum Cryptography (PQC) to secure the future of sensitive communications for all government-related organizations.

In this blog, we explore the Executive Order's PQC-related strategies, its implementation timeline, and best practices for fulfillment of requirements.

The role of Post Quantum Cryptography in the Executive Order

In the Executive Order, the White House recognizes the risk that quantum computers pose to the cybersecurity of the United States.

Therefore, the following specific measures were decided:

Include PQC support as required in government-related solicitations

  • Within 180 days: The Secretary of Homeland Security will release and regularly update a list of products that support post-quantum cryptography, divided into product categories.
  • Within 90 days of a product category being placed on this list: Agencies shall take steps to include in any solicitations for products in that category a requirement that products support PQC.
  • Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable and supported by the products and services they are using.

Support foreign governments in their PQC transition

Support of TLS 1.3 for government agencies until 2030 at the latest

  • Within 180 days: To prepare for transition to PQC, agencies shall support, as soon as practicable, but not later than January 2, 2030, Transport Layer Security protocol version 1.3 or a successor version.

Use Hardware Security Modules to protect cryptographic keys

The Federal Government should take advantage of commercial security technologies and architectures, such as Hardware Security Modules (HSM), trusted execution environments, and other isolation technologies, to protect and audit access to cryptographic keys with extended lifecycles.

Guidelines for cryptographic key management

  • Within 270 days: Develop guidelines for the secure management of access tokens and cryptographic keys used by cloud service providers.
  • Within 60 days of the publication of the guidelines: Develop updated FedRAMP requirements, incorporating the guidelines concerning cryptographic key management security practices.
  • Within 60 days of the publication of the guidelines: Take appropriate steps to require FCEB agencies to follow best practices concerning the protection and management of hardware security modules, trusted execution environments, or other isolation technologies for access tokens and cryptographic keys used by cloud service providers in the provision of services to agencies.

For reasons of readability, we have omitted the institutes responsible.

Plan Your PQC Migration

Transitioning to Post-Quantum Cryptography is essential, but ensuring key management and protection along the way is just as critical.

  • Plan Your PQC Migration: Organizations seeking to collaborate with the US government must plan their PQC migration now, for example, by preparing a crypto inventory.
  • Prioritize Key Management: Showcasing robust cryptographic key management becomes increasingly vital – especially in cloud applications.
  • Protect Your Keys: Secure your (PQC) keys using trusted methods, for example by deploying a Hardware Security Module for generating, managing and storing keys.

Utimaco's Commitment to PQC

Utimaco welcomes the White House’s recognition for Post-Quantum Cryptography migration and the critical importance of reliable cryptographic key management, including the use of Hardware Security Modules to protect sensitive key material.

For years, we have been committed to shaping the future of cryptography for the quantum era. As active participants in influential committees and working groups on PQC—including a White House Round Table on Securing the Nation’s Cybersecurity—we are dedicated to driving innovation and setting standards for this transformative technology.

Our own HSMs – u.trust General Purpose HSM Se-Series – are designed crypto agile and can be upgraded with standardized PQC algorithms such as ML-KEM, ML-DSA, LMS, and XMSS already today. By choosing Utimaco, you meet not only PQC requirements but also ensure that cryptographic keys are generated and managed in a high-security environment—perfectly aligning with the White House’s stringent cybersecurity standards.

Join us for a webinar

Join us, along with our technology partner AppViewX, for a webinar to understand the urgency of migrating to PQC, explore NIST's new PQC standards and encryption algorithms, and gain practical strategies for ensuring certificate visibility, automation, and crypto-agility. 

Don't wait—secure your organization’s future today!

Author

About the Author

Kevin McKeogh

Kevin McKeogh

Senior Director, GP HSM Product Management at Utimaco
Downloads

Downloads

Wie können wir Ihnen helfen?

Sprechen Sie mit einem unserer Spezialisten und erfahren Sie, wie Utimaco Sie unterstützen kann.
Sie haben zwei verschiedene Arten von Downloads ausgewählt, so dass Sie verschiedene Formulare absenden müssen, die Sie über die beiden Tabs auswählen können.

Ihre Download-Sammlung:

    Direkt nach dem Absenden des Formulars erhalten Sie die Links zu den von Ihnen ausgewählten Downloads.

    Ihre Download-Sammlung:

      Für diese Art von Dokumenten muss Ihre E-Mail Adresse verifiziert werden. Sie erhalten die Links für die von Ihnen ausgewählten Downloads per E-Mail, nachdem Sie das unten stehende Formular abgeschickt haben.

      Downloads von Utimaco

      Besuchen Sie unseren Download-Bereich und wählen Sie aus: Broschüren, Datenblätter, White-Papers und vieles mehr. 

      Fast alle können Sie direkt ansehen und speichern (indem Sie auf den Download-Button klicken).

      Für einige Dokumente muss zunächst Ihre E-Mail-Adresse verifiziert werden. Der Button enthält dann ein E-Mail-Symbol.

      Download via e-mail

       

      Der Klick auf einen solchen Button öffnet ein Online-Formular, das Sie bitte ausfüllen und abschicken. Sie können mehrere Downloads dieser Art sammeln und die Links per E-Mail erhalten, indem Sie nur ein Formular für alle gewählten Downloads ausfüllen. Ihre aktuelle Sammlung ist leer.