Pqc readiness and crypto-agility under the new EO

TL;DR: The Executive Order on securing the nation against advanced cryptographic attacks pushes organisations to turn post-quantum cryptography strategy into execution, with milestones aimed at 2030 for key exchange and 2031 for digital signatures, according to Keyfactor. The real issue is crypto-agility, because inventory, ownership, and reporting now determine whether migration can happen fast enough.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams prepare for post-quantum cryptography migration?

A: Start with a complete cryptographic inventory, then rank dependencies by business criticality and replacement complexity.

Q: Why does crypto-agility matter for identity and access programmes?

A: Crypto-agility matters because identity systems depend on certificates, signatures, and trust chains that must be replaced without service disruption.

Practitioner guidance

• Inventory cryptographic dependencies across the estate Map certificates, keys, signatures, and trust relationships across workloads, applications, devices, and identity systems.
• Prioritise the highest-friction trust paths first Focus early on code signing, device authentication, service-to-service identity, and customer-facing TLS paths because these dependencies are hardest to replace under live traffic.
• Establish cryptographic ownership and reporting Assign a business owner and a technical owner for each cryptographic domain, then create reporting that shows which systems rely on long-lived algorithms, embedded keys, or manually managed certificates.

What to expect at the briefing

Keyfactor's full webinar covers the operational detail this post intentionally leaves for the source:

• Milestone guidance for moving from PQC strategy to execution across security and infrastructure teams
• Practical steps for inventorying cryptographic assets before migration planning begins
• Discussion of ownership and reporting requirements introduced by the Executive Order
• Implementation considerations for large-scale cryptographic migration and crypto-agility

👉 Register for Keyfactor's webinar on the Executive Order and advanced cryptographic threats →

Pqc readiness and crypto-agility under the new EO?

Explore further

View Full Forum →  |  NHI Foundation Course →