Marion Square

Federal agencies are no longer asking if they need to transition to post-quantum cryptography — they are being directed to do so. Mandates such as OMB M-23-02 and evolving NIST guidance have established clear expectations around cryptographic inventory, risk assessment and migration planning. Yet across government, a consistent challenge remains: how to operationalize these requirements without disrupting mission systems or creating long-term technical debt.

At the same time, emerging threats such as Harvest Now, Decrypt Later are accelerating urgency, particularly for agencies managing sensitive data with long-term confidentiality requirements. Adversaries are already collecting encrypted data today with the expectation of decrypting it in the future, reinforcing the need to act now not later.

This session will focus on bridging the gap between policy and execution. Attendees will gain a practical understanding of how to:

• Translate Federal mandates into actionable programs and timelines
• Prepare their agency for cryptographic discovery and inventory efforts
• Evaluate whether existing tools and architectures can support PQC migration or where gaps exist
• Prioritize systems and data based on mission risk and longevity
• Implement crypto-agility strategies that reduce rework and future migration cost

We will also discuss how agencies can approach training, governance and cross-team coordination to ensure system owners, security teams and leadership are aligned on both requirements and execution.

Importantly, this is not about introducing new complexity it is about building a sustainable, compliant cryptographic foundation. Cryptography remains one of the most tightly regulated components of federal cybersecurity and failure to align with validated standards can directly impact procurement, compliance and mission assurance.

Federal agencies are actively preparing for the impact of quantum technologies on existing systems and security architectures. A recent report from the U.S. Government Accountability Office highlights an important reality: while strategy and direction are well established, agencies are still working to define practical approaches for implementation.

This session will provide a practical discussion of what this means at the agency level. We will review key findings from the GAO report, including challenges related to ownership, coordination and moving from strategy to execution, and translate those into actionable considerations for federal teams. The discussion will focus on how to approach this transition in a structured way — establishing visibility into current environments, aligning stakeholders and developing a phased path forward that aligns with mission priorities and existing architectures.

The session will also provide a clear, grounded overview of quantum in the context of federal requirements, along with an introduction to available tools, supporting resources and training approaches that agencies can leverage to build understanding and begin operationalizing their transition.