White house

Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity - Key Takeaways on PQC

On January 16th, the White House issued an Executive Order outlining actionable strategies to safeguard the nation’s cybersecurity.

Section 4 of the order focuses on Securing Federal Government Communications and, in addition to addressing identity authentication, encryption, and Internet traffic, it also highlights the quantum computing threat to today’s cryptographic landscape. It outlines the urgency of adopting Post Quantum Cryptography (PQC) to secure the future of sensitive communications for all government-related organizations.

In this blog, we explore the Executive Order's PQC-related strategies, its implementation timeline, and best practices for fulfillment of requirements.

The role of Post Quantum Cryptography in the Executive Order

In the Executive Order, the White House recognizes the risk that quantum computers pose to the cybersecurity of the United States.

Therefore, the following specific measures were decided:

Include PQC support as required in government-related solicitations

  • Within 180 days: The Secretary of Homeland Security will release and regularly update a list of products that support post-quantum cryptography, divided into product categories.
  • Within 90 days of a product category being placed on this list: Agencies shall take steps to include in any solicitations for products in that category a requirement that products support PQC.
  • Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable and supported by the products and services they are using.

Support foreign governments in their PQC transition

Support of TLS 1.3 for government agencies until 2030 at the latest

  • Within 180 days: To prepare for transition to PQC, agencies shall support, as soon as practicable, but not later than January 2, 2030, Transport Layer Security protocol version 1.3 or a successor version.

Use Hardware Security Modules to protect cryptographic keys

The Federal Government should take advantage of commercial security technologies and architectures, such as Hardware Security Modules (HSM), trusted execution environments, and other isolation technologies, to protect and audit access to cryptographic keys with extended lifecycles.

Guidelines for cryptographic key management

  • Within 270 days: Develop guidelines for the secure management of access tokens and cryptographic keys used by cloud service providers.
  • Within 60 days of the publication of the guidelines: Develop updated FedRAMP requirements, incorporating the guidelines concerning cryptographic key management security practices.
  • Within 60 days of the publication of the guidelines: Take appropriate steps to require FCEB agencies to follow best practices concerning the protection and management of hardware security modules, trusted execution environments, or other isolation technologies for access tokens and cryptographic keys used by cloud service providers in the provision of services to agencies.

For reasons of readability, we have omitted the institutes responsible.

Plan Your PQC Migration

Transitioning to Post-Quantum Cryptography is essential, but ensuring key management and protection along the way is just as critical.

  • Plan Your PQC Migration: Organizations seeking to collaborate with the US government must plan their PQC migration now, for example, by preparing a crypto inventory.
  • Prioritize Key Management: Showcasing robust cryptographic key management becomes increasingly vital – especially in cloud applications.
  • Protect Your Keys: Secure your (PQC) keys using trusted methods, for example by deploying a Hardware Security Module for generating, managing and storing keys.

Utimaco's Commitment to PQC

Utimaco welcomes the White House’s recognition for Post-Quantum Cryptography migration and the critical importance of reliable cryptographic key management, including the use of Hardware Security Modules to protect sensitive key material.

For years, we have been committed to shaping the future of cryptography for the quantum era. As active participants in influential committees and working groups on PQC—including a White House Round Table on Securing the Nation’s Cybersecurity—we are dedicated to driving innovation and setting standards for this transformative technology.

Our own HSMs – u.trust General Purpose HSM Se-Series – are designed crypto agile and can be upgraded with standardized PQC algorithms such as ML-KEM, ML-DSA, LMS, and XMSS already today. By choosing Utimaco, you meet not only PQC requirements but also ensure that cryptographic keys are generated and managed in a high-security environment—perfectly aligning with the White House’s stringent cybersecurity standards.

Join us for a webinar

Join us, along with our technology partner AppViewX, for a webinar to understand the urgency of migrating to PQC, explore NIST's new PQC standards and encryption algorithms, and gain practical strategies for ensuring certificate visibility, automation, and crypto-agility. 

Don't wait—secure your organization’s future today!

Author

About the Author

Kevin McKeogh

Kevin McKeogh

Senior Director, GP HSM Product Management at Utimaco
Descargas

Descargas

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.