Executive Summary
In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and regularly updating the below lists to aid in post-quantum cryptography (PQC) adoption. The lists include hardware and software categories with example types of widely available products that use PQC standards to protect sensitive information.1 The lists focus on categories of available products, typically acquired by the federal government, that utilize cryptographic algorithms. Because PQC-capable products are widely available in the listed categories, organizations should acquire only PQC-capable products when planning acquisitions and procuring products in these categories.
Introduction
Purpose
The lists below are CISA’s response to Executive Order (EO) 14306, which instructed:
By December 1, 2025, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in consultation with the Director of the National Security Agency, shall release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography (PQC) are widely available.
When a particular category offers widely available PQC-capable products, organizations should plan acquisitions to procure only PQC-capable products from that category.
Scope and Definitions
The scope of the lists below includes categories of hardware and software products that are—or are anticipated to be—widely available and use PQC standards.
Note: “Widely available” describes products that are generally available in the marketplace, and agencies can acquire them in accordance with their typical procurement policies and procedures.
The categories cover hardware and software products that apply PQC standards for encryption and authentication through the following cryptographic functions:
- Key establishment:2 A function in the lifecycle of keying material; the process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key-transport and/or key-agreement protocols), or a combination of automated and manual methods (consisting of key transport plus key agreement).
- Digital signatures:3 The result of a cryptographic transformation of data that, when properly implemented, provides the services of 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.
Key establishment is often essential for establishing confidential communication using encryption among two or more parties. Digital signatures are often essential for authenticating the parties participating in a communication and for establishing the authenticity of data, products, and services.
Automated cryptographic discovery and inventory products are out of scope of these lists.
Considerations for Products That Use PQC Standards
PQC Transition of Information Technology (IT) Infrastructure
Recognizing the global need to support PQC algorithms, product manufacturers are developing new products and updating existing products to incorporate post-quantum cryptographic standards.
National Institute of Standards and Technology
In 2016, the National Institute of Standards and Technology (NIST) initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The ongoing PQC standardization process has produced PQC standards and will likely standardize additional algorithms in the coming years.
The NIST Internal Report (IR) 8547, Transition to Post-Quantum Cryptography Standards, describes NIST’s expected approach to transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature algorithms and key-establishment schemes. The report identifies existing quantum-vulnerable cryptographic standards and the current quantum-resistant standards that organizations will use in the transition. The report informs the efforts and timelines of federal agencies, industry, and standards organizations for transitioning products, services, and infrastructure to PQC. NIST will revise this report and feed into other algorithms- and application-specific guidance for the transition to PQC as necessary to support transition timelines.
Table 1 shows three NIST PQC standards along with a recommendation for stateful hash-based signature algorithms that support quantum-resistant standards.
|
Cryptographic Function |
Algorithm Standard |
Standard |
|---|---|---|
| Key Establishment | Module-Lattice-Based Key- Encapsulation Mechanism (ML-KEM) | Federal Information Processing Standards (FIPS) 203 |
| Digital Signature | Module-Lattice-Based Digital Signature Algorithm (ML-DSA) | Federal Information Processing Standards (FIPS) 204 |
| Digital Signature | Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) | Federal Information Processing Standards (FIPS) 205 |
| Digital Signature | Stateful Hash-Based Digital Signature Algorithms: Leighton-Micali Signature Scheme (LMS), Hierarchical Merkle Signature Scheme (HMS), eXtended Merkle Signature Scheme (XMSS), eXtended Merkle Signature Scheme with Multi-Tree (XMSSMT) | NISTSP 800-208 |
Product Lists
Table 2 details widely available categories with respective types of hardware and software products that use PQC standards to protect sensitive information well into the foreseeable future, including after the advent of a cryptographically relevant quantum computer (CRQC). Organizations building PQC migration plans can use these categories as a guide to assess future technological needs. Once a category is listed as having PQC-capable products widely available, organizations should plan acquisitions to procure only PQC-capable products in that category.4
Table 3 does not list categories of PQC-capable products that are currently widely available; instead, it lists product categories where manufacturer implementation and testing of PQC capabilities are encouraged. It is important that the products listed in Table 3 implement PQC for core features and for all secondary functionality, such as for software updates. As the Table 3 product categories mature their capabilities and transition to PQC, CISA will move them from Table 3 to the list in Table 2.
Tables 2 and 3 consider efforts within the General Services Administration (GSA),5,6 CISA,7 NIST,8 and the National Security Agency (NSA)9. Note: Tables 2 and 3 are not exhaustive lists; CISA will periodically update these tables as needed to cover new examples of widely available products that use PQC standards.
|
Product Category* |
Example Product Type |
|---|---|
| Cloud Services | Platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS) |
| Collaboration Software | Chat/messaging |
| Web Software | Web browsers, web servers |
| Endpoint Security10 | Data at rest (DAR) security, full disk encryption |
* Most of these categories have implemented PQC for key encapsulation and key agreement but have not yet widely implemented PQC for digital signatures and authentication. As a result, these categories are not considered to be fully quantum resistant; CISA includes them on this list because one of their main security services is quantum resistant and Federal Civilian Executive Branch (FCEB) departments and agencies should procure them appropriately.
|
Product Category |
Example Product Type |
|---|---|
| Networking Hardware | Proxy servers, routers, firewalls, switches, appliances |
| Networking Software | Software-defined network (SDN), domain name service (DNS), network operating systems |
| Cloud Services | Software-as-a-service (SaaS) |
| Telecommunications Hardware | Desk phones, fax machine, voice over IP (VoIP), radio |
| Computers (Physical and Virtual) | Operating systems, hypervisors, containers |
| Computer Peripherals | Wireless keyboards, wireless headsets |
| Storage Area Network | Appliances, operating systems, applications |
| Identity, Credential, and Access Management (ICAM) Software | Identity management systems, identity provider and federation services, certificate authorities, access brokers, access management software, public key infrastructure (PKI) management software |
| Identity, Credential, and Access Management (ICAM) Hardware | Hardware security modules (HSM), authentication tokens, badges/cards, badge/card readers |
| Collaboration Software | Email clients, email servers, conferencing, file sharing |
| Data | Database, Structured Query Language (SQL) server |
| Endpoint Security | Password managers, antivirus/anti-malware software, asset management |
| Enterprise Security | Continuous diagnostics and mitigation (CDM) tools, intrusion detection/monitoring, inspection systems, security information, and event monitoring (SIEM) |
Note: The above lists exclude categories of hardware and software products, such as operational technology (OT) and internet of things (IoT) devices, that are not considered traditional IT products. These also should be transitioning to PQC standards as well but are out of scope for these lists.
Notes
- Per EO 14306, “the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in consultation with the Director of the National Security Agency, shall release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography (PQC) are widely available.”
- https://csrc.nist.rip/glossary/term/key_establishment
- https://csrc.nist.rip/glossary/term/digital_signature
- Even once a product that supports PQC standards is procured, it may need to use non-PQC algorithms for a time for interoperability reasons.
- https://buy.gsa.gov/api/system/files/documents/final-508c-pqc_buyer-s_guide_2025.pdf
- https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/multiple-award-schedule-it
- https://www.cisa.gov/sites/default/files/cdm_files/HWAMInitializationGuide.pdf
- https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/critical-software-definition-explanatory
- https://www.niap-ccevs.org/products
- The principal security service of the Endpoint Security category is not naturally quantum vulnerable. When procuring, one needs to ensure that other relevant features of the product, such as firmware updates, are utilizing post-quantum cryptography (PQC).
Please share your thoughts!
We welcome your feedback.
CISA Product Survey
