NIST: Post-quantum cryptography push overlaps with existing security guidance
20 hours ago
- #post-quantum cryptography
- #cybersecurity
- #NIST
- NIST published guidance on post-quantum cryptography (PQC) implementation and its connection to cybersecurity safeguards.
- The draft document links PQC tools with NIST's Cybersecurity Framework and other guidance.
- PQC implementation relies on security objectives and controls from NIST's risk framework documents.
- Cryptographic technology inventories support Cybersecurity Framework practices like asset management.
- Analyzing cryptographic weaknesses aligns with identifying vulnerabilities in technology assets.
- Managing technology configurations is a prerequisite for implementing quantum-resistant algorithms.
- Identifying threats informs requirements for quantum-ready hardware security modules.
- PQC activities are mapped to NIST's security and privacy controls catalog (SP 800-53).
- NIST encourages organizations to collaborate on a CSF profile for PQC migration.
- Existing CSF profiles cover ransomware mitigation, GPS data integrity, and semiconductor manufacturing.