Encryption, Cloud Security, Endpoint/Device Security

New CISA post-quantum cryptography tech list raises concerns

Quantum computing the future of technology illuminated on a circuit board

The Cybersecurity and Infrastructure Security Agency has unveiled a new shopping guide detailing software and hardware with quantum-resistant encryption in a bid to bolster federal agencies' readiness for post-quantum cryptography, CyberScoop reports.

Aside from noting the widespread availability of PQC standards in platform-as-a-service and infrastructure-as-a-service cloud platforms, browsers, servers, collaboration software, and endpoint security tools, the guidance also detailed hardware and software product categories transitioning to PQC standards, including software-as-a-service platforms, password managers, and intrusion detection tools.

However, such a document has been criticized by experts over its lack of consideration of the challenges related to post-quantum migration, with Arqit Field Chief Technology Officer and Head of Cryptography Roberta Faux and Patero Chief Operating Officer Peter Bentley emphasizing the guide's absence of information on creating cryptographic inventories.

"Without that visibility, and arguably developing a Cryptographic Discovery and Inventory best practice, 'PQC-enabled' becomes a marketing label instead of a verifiable capability, especially in hybrid or mixed-vendor environments," said Bentley.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds