[フレーム]
You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

NIST CSWP 48 (Initial Public Draft)

Mappings of Migration to PQC Project Capabilities to NIST Cybersecurity Framework 2.0 and to Security and Privacy Controls for Information Systems and Organizations

Documentation Topics

Date Published: September 18, 2025
Comments Due: October 20, 2025 (public comment period is CLOSED)
Email Questions to: [email protected]

Author(s)

William Newhouse (NIST), Murugiah Souppaya (NIST), William Barker (Strativia), Karen Scarfone (Scarfone Cybersecurity)

Announcement

The project is designed to support and align with key NIST cybersecurity frameworks and security controls. Specifically, the project’s capabilities are informed by and mapped to the security objectives and controls outlined in two important NIST documents:

This white paper provides a mapping of the project’s capabilities to these two resources. This helps organizations align their PQC migration efforts with established security outcomes (and broader cybersecurity risk management practices) and identify specific security controls and objectives needed to successfully implement PQC migration.

Your Feedback Matters

We invite you to review this document and provide comments by October 20, 2025. You can submit comments by visiting the NCCoE project page.

If you have any questions or need further information, please don’t hesitate to contact the team at [email protected]. We encourage you to join the NCCoE PQC Community of Interest (COI) to receive project updates and stay involved!

Abstract

The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53), respectively. A responsible implementation of the demonstrated capabilities depends on adherence to several security objectives and controls identified in these risk framework documents.

This paper identifies the supported and dependent characteristics of capabilities functions that are part of the Migration to Post-Quantum Cryptography project at NIST’s National Cybersecurity Center of Excellence and maps those functions to elements of both the NIST Cybersecurity Framework 2.0 and Special Publication 800-53 Revision 5.

The NCCoE Migration to Post-Quantum Cryptography project demonstrates practices to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms resistant to quantum computer-based attacks. Project collaborators demonstrate using cryptographic discovery and inventory tools to allow an organization to learn where and how cryptography protects the confidentiality and integrity of the organization’s important data and digital systems. Project collaborators are also exploring interoperability of the NIST PQC algorithms for key establishment and digital signature schemes in internet communication protocols and hardware security modules (HSMs).

The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53),... See full abstract

The capabilities demonstrated by the NCCoE Migration to Post-Quantum Cryptography project support several security objectives and controls identified by the NIST Cybersecurity Framework 2.0 (CSWP 29) and Security and Privacy Controls for Information Systems and Organizations (SP 800-53), respectively. A responsible implementation of the demonstrated capabilities depends on adherence to several security objectives and controls identified in these risk framework documents.

This paper identifies the supported and dependent characteristics of capabilities functions that are part of the Migration to Post-Quantum Cryptography project at NIST’s National Cybersecurity Center of Excellence and maps those functions to elements of both the NIST Cybersecurity Framework 2.0 and Special Publication 800-53 Revision 5.

The NCCoE Migration to Post-Quantum Cryptography project demonstrates practices to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms resistant to quantum computer-based attacks. Project collaborators demonstrate using cryptographic discovery and inventory tools to allow an organization to learn where and how cryptography protects the confidentiality and integrity of the organization’s important data and digital systems. Project collaborators are also exploring interoperability of the NIST PQC algorithms for key establishment and digital signature schemes in internet communication protocols and hardware security modules (HSMs).


Hide full abstract

Keywords

algorithm; cryptography; encryption; identity management; key establishment and management; post-quantum cryptography; public key cryptography; quantum-resistant; vulnerable cryptography discovery
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.48.ipd
Download URL

Supplemental Material:
Project homepage

Document History:
09/18/25: CSWP 48 (Draft)

AltStyle によって変換されたページ (->オリジナル) /