As quantum computers approach the capability to break classical public-key systems, enterprises and agencies must begin PQC migration now. With the first NIST post-quantum standards finalized in 2024, organizations should inventory their cryptographic assets and plan transitions without delay.

This preparation is guided by national roadmaps (US, UK, EU, etc.) targeting full PQC adoption by ~2035. Key principles are hybrid cryptography (combining classical and quantum-resistant algorithms) and crypto agility (architectures that allow swapping algorithms).

Below is a detailed, implementation‑focused checklist of tasks and considerations, divided by category. Each task includes short-term (near-term) and long-term actions aligned with timeline milestones.

PQC Migration Timesline and Milestones

Migration Timeline and Milestones

  • By 2028 (Near-Term): Discovery & Planning.

    • Define clear PQC migration goals and assign leadership.

    • Perform a full cryptographic discovery: catalog all certificates, keys, algorithms, and crypto-dependent services across your estate.

    • Build an initial migration roadmap with timelines, budgets, and success metrics.

  • 2028–2031 (Mid-Term): Pilot & Prioritize.

    • Execute early migration on highest-risk systems (e.g. critical assets, long-lived secrets).

    • Conduct pilots of PQC and hybrid schemes in test environments

    • Refine the plan based on findings.

  • By 2035 (Long-Term): Full Transition.

    • Target full PQC implementation on remaining systems and services.

    • By this deadline, legacy classical-only algorithms should be phased out and replaced with quantum-resistant or hybrid solutions wherever feasible.

Crypto Inventory and Risk Assessment

  • Inventory All Crypto Assets: Use automated discovery tools and manual reviews to find every instance of cryptography in your network and applications. This includes certificates, key stores, SSL/TLS endpoints, VPNs, code-signing keys, hardware roots of trust (TPMs, HSMs), IoT devices, and embedded keys. Record the algorithm types (RSA, ECC, symmetric) and key lengths in use.

  • Data Classification & Exposure: Classify data by sensitivity, lifetime, and compliance requirements. Identify data at risk of “harvest now, decrypt later” attacks (data needing long-term confidentiality). For each asset, estimate its exposure and lifespan: e.g. how long keys must remain secure. Prioritize assets that protect high-value or long-lived data.

  • Third-Party Dependencies: Catalog vendor/supply‑chain components that use cryptography: cloud platforms, managed services, appliances, and partner systems. Record the algorithms and key management in those components. Note any hard-coded keys or legacy systems that cannot be easily updated.

  • Crypto Inventory Tools: Deploy crypto discovery scanners and certificate auditing tools to automate inventory. Supplement with code reviews of custom applications or firmware to catch non-standard crypto. Update the inventory continuously as systems change.

System and Infrastructure Preparedness

  • Assess Cryptographic Support: For each system, determine if software and hardware can support PQC. Plan OS and library upgrades (e.g. OpenSSL, SSH, TLS stacks) that include PQC primitives. For example, upgrade to releases (like RHEL 10) already shipping preliminary post-quantum modules (ML-KEM for key exchange, ML-DSA for signatures).

  • Key Management & Certificates: Plan key management upgrades: shorter certificate lifetimes and automated renewal will be needed during migration. Update certificate authorities (internal CAs or PKI) to issue PQC or hybrid certificates. Ensure public-key infrastructure (PKI) components (CAs, OCSP, CRLs) can handle new algorithms. Design backward-compatible certificate chains (e.g. dual-signature certificates) if needed.

  • Hardware and Firmware: Work with hardware vendors on PQC readiness. Next-generation HSMs, TPMs, secure elements and firmware should support NIST PQC algorithms (FIPS 140-3 validation expected in 2025). Plan for hardware/firmware updates (UEFI Secure Boot, TPM microcode) that can load new crypto code. For devices that cannot be updated, plan their phase-out.

  • Crypto Agility by Design: Architect systems for algorithm agility. Use modular libraries and crypto APIs that allow selecting algorithms at runtime. Where possible, employ algorithm identifiers (from upcoming standards) to allow seamless switching. Checklist: design crypto-agile patterns and document how to integrate new PQC algorithms.

  • Short-Term Mitigations: Until full PQC is in place, use layered protections: consider hybrid encryption (classical + quantum) in tunnels or storage, and employ out-of-band safeguards for critical keys. For example, use double-wrapping of keys or split-key storage as a temporary measure.

Phased Rollout and Deployment

  • Staged Migration:

    • Roll out PQC in phases.

    • Start with new systems and those where software is easiest to update.

    • Next migrate mission-critical applications (e.g. cloud services, VPNs, code signing).

    • Finally address legacy/embedded systems. Follow the “high-risk by 2030, complete by 2035” sequence.

  • Hybrid Adoption:

    • During transition, use hybrid cryptography extensively: operate classical and PQC algorithms in parallel.

    • For example, enable hybrid cipher suites so session keys are secured by both classical and quantum-resistant key exchanges.

    • Update clients/browsers and servers to support the latest IETF PQC drafts (expected ~2027).

    • Ensure that fallback to classical crypto is well-defined until full PQC acceptance.

  • Key Rollout:

    • Migrate keys and certificates in a controlled way.

    • Issue new PQC or hybrid certs alongside old ones.

    • Phased certificate renewal (shorter lifetimes) can help cut over smoothly.

    • Revoke and replace old certificates systematically.

    • Use load-balanced or canary deployments: migrate a subset of traffic to PQC endpoints to monitor behavior before full cutover.

  • Monitoring & Alerting:

    • Implement crypto health monitoring to detect any rollback to vulnerable algorithms.

    • Instrument logs and alerts for mismatches in expected algorithms or failures in hybrid negotiation.

    • Monitor performance impacts and user experience continuously.

    • Adjust resource allocation or fallback policies as needed to maintain service levels.

Ongoing Review and Crypto Agility

  • Continuous Inventory Updates:

    • Keep the crypto asset inventory current.

    • After each migration phase, update records of which systems have been hardened and which still use legacy crypto.

    • Track progress against the migration roadmap.

    • Regularly scan for newly introduced crypto (e.g. new applications) and update plans.

  • Future-Proofing & Agility:

    • Maintain a crypto-agile architecture by default.

    • Ensure that future algorithm changes (e.g. new PQC finalists or NSA Suite B retirement) can be accommodated without extensive rewrites.

    • Continue to adopt algorithm-agnostic design patterns: for example, support dynamic loading of crypto modules and prioritize use of libraries that can be updated via patches.

  • Standards Watch:

    • Stay aligned with evolving standards.

    • Monitor NIST PQC workshops, PKI Consortium PQC conferences, IETF RFCs, and certification updates.

    • Plan for next-generation needs (e.g. post-quantum authenticated encryption, quantum-resistant key reuse protections).

    • Adjust policies and system requirements as new FIPS standards and compliance guidance are released.

  • Training & Exercises:

    • Keep staff trained on PQC tools and processes.

    • Update incident response and disaster recovery playbooks to include PQC failures or quantum-related attack scenarios.

    • Conduct regular drills (“tabletop exercises”) for quantum threat incidents.

    • Promote a culture of crypto agility: security teams should routinely consider new algorithms in threat models.

By following this structured checklist – mapping assets, upgrading systems, aligning policies, coordinating with vendors, and rolling out in phases -organizations can migrate confidently to quantum-resistant security. Prioritize hybrid deployments and build in agility now so that by 2035 (the commonly advised target) all critical systems will be protected by state‑of‑the‑art, PQC-secure cryptography.

FAQ

When should organizations realistically start preparing for Post-Quantum Cryptography?

Now. PQC preparation is a multi-year transformation, not a last-minute upgrade. Inventorying cryptographic assets, updating PKI architectures, and validating PQC-ready vendors can take several years. Additionally, Harvest-Now-Decrypt-Later (HNDL) attacks mean data encrypted today may be compromised in the future. Most organizations should aim for crypto-agility and hybrid deployments by 2026, ahead of regulatory mandates.

What is the first concrete step an organization should take toward PQC readiness?

The first step is a cryptographic inventory and risk classification. Organizations must identify:

  • Where cryptography is used (PKI, TLS, VPNs, code signing, firmware)

  • Which algorithms are in use

  • Which data requires long-term confidentiality or integrity

Without this visibility, PQC migration efforts become fragmented, costly, and risky.

Do organizations need to fully replace existing PKI to adopt PQC?

No. The recommended approach is hybrid cryptography, which combines classical algorithms (RSA/ECC) with PQC algorithms. This preserves backward compatibility while introducing quantum-resistant security. Hybrid models allow organizations to deploy PQC safely, incrementally, and without service disruption, especially in regulated or legacy environments.

How does PQC readiness impact compliance, governance, and vendor strategy?

PQC readiness is becoming a governance and supply-chain issue, not just a technical one. Organizations must:

  • Ensure vendors support PQC and crypto-agility

  • Align with evolving standards (NIST, ETSI, ISO, national frameworks)

  • Update policies, audits, and risk models

Early adopters reduce future compliance pressure, avoid rushed migrations, and demonstrate long-term digital trust leadership.