The Office of Management and Budget has issued a memorandum directing federal agencies to submit by May 4, 2023, an inventory of information systems and related assets containing cryptographic systems that could be decrypted by quantum computers as part of the transition to post-quantum cryptography.
OMB Director Shalanda Young wrote in the Friday memo that agencies are expected to submit the inventory of such assets on an annual basis through 2035.
Agencies should appoint an official to oversee cryptographic inventory and migration efforts within 30 days of the memo’s publication.
The document directs the Office of the National Cyber Director to issue instructions concerning the collection and transmission of the inventory and procedures related to funding assessments within 90 days.
According to the memo, the National Institute of Standards and Technology should develop within 60 days a mechanism to facilitate the sharing of PQC best practices and testing data among agencies and with industry partners.
The Cybersecurity and Infrastructure Security Agency should introduce within a year a strategy on automated tooling and support for the assessment of agencies’ progress when it comes to PQC adoption.
