Meeting Federal Mandates: From Quantum Safe to Zero Trust

Federal agencies are under constant pressure to meet new and ever-evolving cybersecurity mandates. Quantum Xchange has written a lot about the Biden administration’s efforts to lead the world when it comes to preparing federal networks for Q-Day – the day a quantum computer can break existing encryption standards.

In parallel to the National Institute of Standards and Technology post-quantum cryptography standardization project, President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law, which places several obligations on federal agencies to prepare for their migration to quantum-secure cryptography. Included in the Act is H.R. 7535, calling on each executive agency to maintain an inventory of all information technology in use that is vulnerable to decryption by quantum computers. Further quantum-safe mandates and requirements are laid out in the National Cybersecurity Strategy released earlier this year and its corresponding Implementation Plan, in which Pillar 4, Investing in a Resilient Future, tackles future-forward security measures like crypto-agility and quantum-safe encryption.

In addition to the quantum-specific government mandates, federal agencies must also contend with the government’s move to a zero-trust security model, that is, a combination of security principles that limits internal employee access to the documents and data needed to do their jobs. The White House ordered all civilian government agencies last year to establish and implement a zero-trust plan by the end of September 2024 under the administration’s zero-trust strategy.

Like NIST guidance and H.R. 7535, which recommend that post-quantum migration efforts begin with a full inventory of the use of cryptography across the organization, the move toward zero trust requires organizations to audit what classified information is stored online, which employees and third-party digital tools have access to that information, and what additional security layers are needed to keep bad actors out.

With the launch of our new network monitoring and risk assessment tool, CipherInsights, Quantum Xchange can help organizations quickly monitor, assess, prioritize, and mitigate risk as they execute against their zero-trust plan and maturity model.

The inside-out risk assessment tool exemplifies zero trust in the following ways:

  • Identifies risk in every network transaction (appliance, VM or cloud).
  • Evaluates compliance with zero-trust policies.
  • Continuous monitoring; not a point-in-time scan.
  • Fact-based assessment; no false positives.
  • Customer hosted; data stays in-house.
  • No dependence on data from other products.

Contact Quantum Xchange to learn more about initiating your move to zero trust and better preparing for the inevitable post-quantum cryptography migration with our robust discovery, inventory, and management capabilities.
