By NHI Mgmt Group Editorial Team | Published 2025-09-21 | Domain: Breaches & Incidents | Source: Keyfactor

TL;DR: NIST NCCoE draft guidance on migration to post-quantum cryptography shifts the conversation from algorithm selection to migration planning, inventory, and cryptographic agility, according to Keyfactor. For IAM, PKI, and workload identity teams, the real issue is not only replacing algorithms but proving where cryptography lives and how fast it can change.


At a glance

What this is: a newsroom post on NIST NCCoE draft guidance for post-quantum cryptography migration, with the key finding that crypto-agility and inventory discipline now matter as much as algorithm choice.

Why it matters: identity, PKI, and workload governance depend on knowing every certificate, key, and dependency that will need to move when cryptographic standards change.

👉 Read Keyfactor's newsroom post on NIST NCCoE post-quantum migration drafts


Context

Post-quantum cryptography migration is the process of identifying where cryptographic dependencies exist, deciding which algorithms need to change, and proving that systems can move without breaking trust. For identity teams, the governance problem is not just cryptography itself. It is the hidden inventory of certificates, keys, signing paths, and workload trust relationships that make a migration possible or impossible.

NIST NCCoE drafts on migration to post-quantum cryptography matter because migration will touch PKI, certificate lifecycle automation, code signing, device identity, and workload identity at the same time. That makes this a governance issue across NHI, human IAM, and infrastructure trust, not a narrow cryptography update. The organisations that know where their crypto sits will adapt faster than the ones still discovering it during the migration.

Keyfactor frames the drafts through the operational lens of trust and compliance, which is the right lens for practitioners. The critical question is no longer whether post-quantum change is coming, but whether identity and cryptographic estates are mapped well enough to absorb it without outages or trust loss.


Key questions

Q: How should security teams prepare for post-quantum cryptography migration?

A: Security teams should start with discovery, inventory, and dependency mapping before choosing algorithms or migration waves. The key is to identify every certificate, key, signing path, and workload trust relationship that will change, then prioritise the systems with the highest business and operational dependency.

Q: Why do certificate inventories matter for post-quantum migration?

A: Certificate inventories matter because they reveal where cryptographic trust is embedded in identity flows, service authentication, code signing, and device trust. Without that visibility, teams cannot estimate blast radius, sequence migration safely, or prove that replacement controls will not break production services.

Q: What breaks if organisations treat post-quantum migration as a one-time upgrade?

A: What breaks is the assumption that cryptographic change is isolated to one platform or one algorithm. In reality, trust dependencies are distributed across identity systems, applications, and workload authentication paths, so a one-time view misses hidden coupling and creates avoidable outage risk.

Q: Who should own post-quantum migration in an identity programme?

A: Ownership should sit jointly across PKI, identity governance, and infrastructure teams because the migration touches certificates, workload identity, and trust validation at the same time. A shared operating model is the only practical way to manage sequencing, validation, and exception handling.


Technical breakdown

What post-quantum migration changes in certificate lifecycle automation

Post-quantum migration is not a single key swap. It requires knowing where certificates are issued, renewed, pinned, embedded, or chained into dependent systems. Certificate lifecycle automation becomes the control plane for change because it shows which identities depend on which trust anchors and which deployments can be moved first. In practice, the hardest part is not adopting a quantum-safe algorithm. It is proving that every certificate path can be reissued, validated, and rotated without service interruption.

Practical implication: build a complete inventory of certificate issuers, consumers, and renewal paths before you plan any cryptographic transition.

Why cryptographic discovery and inventory are the real migration control

Cryptographic discovery and inventory identify where keys, certificates, algorithms, and signing dependencies actually exist across cloud, endpoints, applications, and embedded systems. Without that visibility, migration planning is guesswork because teams cannot rank exposure, legacy dependency, or blast radius. Post-quantum planning therefore starts with mapping cryptography as an identity dependency, not as a compliance checklist. This is especially true when secrets and workload identities are scattered across multiple platforms and teams.

Practical implication: prioritise discovery of cryptographic assets and dependencies before selecting migration waves or remediation timelines.
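Both the certificate lifecycle passage above and this one come down to the same first step: parse what is actually deployed and turn it into rows you can rank and sequence. The Go program below is an added example written for this page, not code from Keyfactor, NIST, or the NHI Mgmt Group. It reads a PEM bundle, produces one inventory row per certificate (subject, issuer, key family and size, expiry) and assigns a reissuance wave, with CAs and trust anchors before the leaves that chain to them, which is the ordering the practitioner guidance below argues for. The bundle it scans is constructed in memory (a hypothetical RSA-2048 root and an ECDSA P-256 leaf named payments.svc.internal) so the example runs offline; in practice you would feed Inventory exported trust stores, Kubernetes TLS secrets, or certificate directories. One assumption the code relies on: at the time of writing, Go's standard x509 parser accepts only classical public keys, so every certificate it parses belongs on the migration list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Entry is one inventory row: which identity, which key family, and where it sits in the chain.
type Entry struct {
	Subject, Issuer string
	Algorithm       string    // key family plus size or curve, e.g. "RSA-2048", "ECDSA-P-256"
	Wave            int       // reissuance order: 1 for CAs and anchors, 2 for the leaves chained to them
	NotAfter        time.Time // a cert near expiry is a cheap, already-scheduled migration slot
}

// keyFamily names the public key. Every key Go's x509 parser accepts (RSA, ECDSA, Ed25519, DSA) is classical, so every parsed cert is on the migration list; anything else is tagged for human review.
func keyFamily(cert *x509.Certificate) string {
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		return fmt.Sprintf("RSA-%d", pub.N.BitLen())
	case *ecdsa.PublicKey:
		return "ECDSA-" + pub.Curve.Params().Name
	default:
		return "REVIEW(" + cert.PublicKeyAlgorithm.String() + ")"
	}
}

// Inventory parses every CERTIFICATE block in a PEM bundle (other block types are skipped). A malformed certificate is an error, not a silent skip: that is exactly the asset an inventory must surface.
func Inventory(bundle []byte) ([]Entry, error) {
	var out []Entry
	for {
		var block *pem.Block
		if block, bundle = pem.Decode(bundle); block == nil {
			return out, nil
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse certificate: %w", err)
		}
		wave := 2 // a leaf can only move once the anchor it chains to has moved
		if cert.IsCA {
			wave = 1
		}
		out = append(out, Entry{Subject: cert.Subject.CommonName, Issuer: cert.Issuer.CommonName,
			Algorithm: keyFamily(cert), Wave: wave, NotAfter: cert.NotAfter})
	}
}

// SampleBundle builds a constructed bundle in memory so the example runs offline: a hypothetical RSA-2048 root and an ECDSA P-256 service leaf it signs. Test artefacts only, not real identities.
func SampleBundle() ([]byte, error) {
	now := time.Now()
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal Root CA"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey) // self-signed root
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "payments.svc.internal"},
		NotBefore: now, NotAfter: now.AddDate(0, 0, 90), KeyUsage: x509.KeyUsageDigitalSignature}
	leafDER, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey) // issued by the root
	if err != nil {
		return nil, err
	}
	return append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})...), nil
}

func main() {
	bundle, err := SampleBundle()
	if err != nil {
		panic(err)
	}
	entries, err := Inventory(bundle)
	if err != nil {
		panic(err)
	}
	for _, e := range entries {
		fmt.Printf("wave %d  %-12s expires=%s  %q issued by %q\n", e.Wave, e.Algorithm, e.NotAfter.Format("2006-01-02"), e.Subject, e.Issuer)
	}
}
```

Two design choices carry the governance point. A block that fails to parse is an error rather than a skipped row, because an inventory that quietly drops the unreadable certificate has hidden the one asset nobody owns. And the wave is derived from the chain position, not from a spreadsheet: if you cannot compute the order from the material itself, you do not yet have the dependency map the migration needs. The parser covers certificates only; raw signing keys, SSH keys, and keys held inside HSMs or cloud KMS services need their own discovery path and are not found by scanning PEM bundles.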

How zero trust and workload identity depend on crypto agility

Zero trust assumes that identity proof, trust validation, and policy enforcement can adapt continuously. If cryptographic trust cannot be updated quickly, zero trust becomes brittle because workloads, service identities, and verification chains inherit old assumptions. Crypto agility is the ability to change algorithms, issuers, and trust anchors without redesigning the system each time. For workload identity, that means protocols and certificates must be replaceable without disrupting service-to-service authentication.

Practical implication: test whether workload identity, signing, and federation components can change cryptographic primitives without a full platform rebuild.


NHI Mgmt Group analysis

Post-quantum migration is really an identity inventory problem before it is a cryptography problem. Migration succeeds only when organisations can see every certificate, key, signing dependency, and workload trust path they operate. That makes discovery and governance the first control plane, not an afterthought. Practitioners should treat crypto-agility as a property of the identity estate, not a standalone cryptography project.

Certificate lifecycle automation becomes the migration mechanism that most programmes will underestimate. Certificates are the trust fabric behind application identity, device trust, code signing, and machine authentication. If issuance, renewal, and revocation are fragmented, post-quantum transition turns into a manual remediation exercise with outage risk attached. The field should read this as a warning that lifecycle maturity is a prerequisite for cryptographic change.

Identity and cryptographic governance now converge in the same operational register. Human IAM teams, NHI owners, and PKI operators have historically managed different pieces of trust, but post-quantum migration collapses those boundaries. The organisations that can coordinate inventory, rotation, and validation across all three will reduce migration friction. Practitioners should stop treating PKI as separate from identity governance.

Crypto agility is the durable control, not any single algorithm choice. NIST drafts signal a future in which specific algorithms will change again, but only agile estates can absorb those shifts without repeated rebuilding. That means architecture decisions should favour replaceable trust components, clear ownership, and auditable dependency maps. The practitioner takeaway is to design for change, not for one migration milestone.

Named concept: cryptographic trust debt. Legacy keys, certificates, and signing paths create hidden future cost when systems cannot move quickly to new cryptographic standards. That debt accumulates across applications, devices, and service identities until migration becomes a risk event rather than a planned update. Practitioners should measure that debt before they inherit it at scale.

From our research:

What this signals

Cryptographic trust debt: post-quantum migration will expose every place identity programmes have allowed trust dependencies to accumulate without inventory or ownership. Teams that already know where certificates, keys, and signing paths live will have a controlled migration path, while everyone else will be discovering hidden coupling under deadline pressure.

With 91% of former employee tokens remaining active after offboarding, lifecycle discipline is already weaker than many programmes assume, and cryptographic migration will amplify that weakness if trust assets are not governed centrally. The practical signal is that identity teams should align certificate lifecycle, workload identity, and secrets governance now, before algorithm change becomes operational disruption.

The organisations best positioned for post-quantum change will treat discovery, rotation, and offboarding as one trust lifecycle, not separate controls. That is where the NHI Lifecycle Management Guide and the NIST Cybersecurity Framework 2.0 become useful together: one describes the identity work, the other the governance structure that can absorb change.


For practitioners

  • Inventory cryptographic dependencies across identity estates: Map every certificate issuer, consumer, signing workflow, and trust anchor across applications, devices, cloud platforms, and service identities. Use the inventory to identify where crypto changes will affect authentication, signing, or renewal first.
  • Separate migration waves by dependency risk: Group systems by exposure, business criticality, and trust chain complexity so that fragile workloads are not migrated alongside low-risk ones. This reduces outage risk and makes validation achievable in controlled phases.
  • Test replaceability of trust components: Validate whether certificate authorities, workload identity systems, and code-signing flows can change algorithms or trust anchors without redesigning adjacent services. If they cannot, the architecture is not crypto-agile enough for post-quantum change.
  • Align PKI and identity governance teams: Establish joint ownership for certificate lifecycle, workload identity, and cryptographic policy so migration decisions are not made in silos. The goal is a single view of trust dependencies and remediation priorities.

Key takeaways

  • Post-quantum migration is a trust inventory problem as much as a cryptography problem.
  • Certificate lifecycle automation and crypto discovery determine whether migration is manageable or chaotic.
  • Practitioners should build crypto-agile identity estates now so future algorithm changes do not become outage events.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
NIST CSF 2.0                     | PR.DS-1             | Post-quantum migration depends on protecting data and trust chains across the identity estate.
NIST Zero Trust (SP 800-207)     | PR.AC-1             | Zero trust depends on adaptable trust validation for workloads and service identities.
OWASP Non-Human Identity Top 10  | NHI-03              | Certificate and secret lifecycle controls are central to migrating machine trust safely.

Use NHI-03 to harden lifecycle processes for certificates, keys, and workload identities ahead of crypto change.


Key terms

  • Crypto-agility: Crypto-agility is the ability to change cryptographic algorithms, trust anchors, and validation mechanisms without redesigning the system around them. In identity programmes, it means certificates, workload authentication, and signing dependencies can be updated quickly when standards change or a control is deprecated.
  • Cryptographic trust debt: Cryptographic trust debt is the hidden operational cost created when certificates, keys, and signing paths are deeply embedded but poorly inventoried or owned. The debt only becomes visible when migration, rotation, or incident response requires change at speed and the organisation cannot move cleanly.
  • Certificate lifecycle automation: Certificate lifecycle automation is the managed process of issuing, renewing, rotating, validating, and revoking certificates across an environment. It becomes a governance control when it provides visibility into where trust is used and a repeatable path for changing that trust without service disruption.
  • Cryptographic discovery: Cryptographic discovery is the process of finding where cryptographic materials and dependencies exist across applications, infrastructure, and identity systems. It is the prerequisite for migration planning because teams cannot secure or replace what they have not mapped, especially at enterprise scale.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or lifecycle governance in your organisation, it is worth exploring.

This post draws on content published by Keyfactor: NIST NCCoE Publishes Drafts on Migration to Post-Quantum Cryptography. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-09-21.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org