Overview
The Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) defines the roadmap for the Department of War (DoW) (formerly known as the Department of Defense) to transition to post-quantum cryptography (PQC), establishing requirements and timelines for adopting quantum-resistant algorithms across National Security Systems (NSS). The document was revised in December 2024, with Version 2.1 focusing on key areas that can be effectively integrated into both commercial and federal systems. While these requirements can generally be applied as policy, vendors should view them as foundational elements that the Federal Civilian Executive Branch (FCEB) is likely to build upon.
Homogeneity of NSS
National Security Systems are predominantly homogeneous, meaning they are typically managed in a similar manner across the enterprise. When the DoW issues a policy, it is generally applied uniformly with minimal exceptions regarding operations. In contrast, FCEB agencies enjoy greater independence due to their management of civilian data. This distinction highlights the varying degrees of flexibility that different agencies have in adopting and implementing CNSA 2.0.
Key Milestones in the CNSA 2.0 PQC Transition
According to Executive Orders (EO) 14144 and 14306, the government has set a timeline for the transition to PQC by 2035. While CNSA 2.0 supports this timeframe, it also lays out elements that facilitate an earlier transition.
Expected Adoption by FCEB Agencies
I anticipate that FCEB agencies will adopt certain key aspects of CNSA 2.0, including:
- Transition to NIST-approved Algorithms: All government systems will need to migrate to algorithms approved by the National Institute of Standards and Technology (NIST). This includes:
  - Continuous monitoring and assessment of risks.
  - Migration of all NSS systems by 2035 in accordance with National Security Memo (NSM)-10.
  - A phase-out deadline of December 31, 2030, for all equipment and services that cannot support CNSA 2.0. By December 31, 2031, the use of CNSA 2.0 algorithms will be mandated unless otherwise noted.
This timeline effectively accelerates the shift for government systems. Additionally, countries like India and Australia have also moved their transition timelines to the 2030-2033 range, indicating a global trend towards rapid adaptation.
Guidelines for Security Controls
CNSA 2.0 provides vital guidelines for implementing effective security controls and practices, which include:
- Recommendations for secure software development, data protection, and system integrity.
- Starting January 1, 2027, the NSA expects new deployments to comply with CNSA 2.0.
This aggressive timeline places significant pressure on vendors to provide quantum-resistant implementations at an accelerated pace. While I believe there will be necessary adjustments to this timeline within the federal system due to the diversity of system management, the urgency remains clear.
Cryptographic Agility in the CNSA 2.0 PQC Transition
Cryptographic agility is a crucial concept within both the NSS and FCEB transitions. The newly released NIST quantum-resistant algorithms, such as ML-KEM, ML-DSA, and SLH-DSA, are expected to be relevant for some time. However, as quantum computing power advances exponentially with the increase in qubits, the flexibility to move between different algorithms becomes paramount. Meeting CNSA 2.0 requirements will depend on crypto-agility, which enables organizations to transition rapidly to post-quantum cryptography without disrupting existing systems. As NIST develops additional algorithms, they will likely serve multiple purposes depending on organizational computing resources.
Moreover, the use of hybrid architecture will be essential for implementing both NSS and FCEB systems. Hybrid systems can provide a temporary solution while transitioning to fully quantum-resistant systems.
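To make crypto-agility and the hybrid approach concrete, the following is an added example (not code from CNSA 2.0, NIST, or any vendor named here). It keeps the algorithm choice in a data-driven registry and derives a session key from one shared secret per component algorithm. The suite labels, function names, and shared-secret bytes are assumptions constructed for illustration; a real system would obtain the secrets from actual ECDH and ML-KEM implementations.

```python
import hashlib
import hmac

# Hypothetical suite registry: label -> (component KEMs, quantum_resistant).
# Labels are constructed for this example, not identifiers taken from CNSA 2.0.
SUITES = {
    "ECDH-P384": (("ECDH-P384",), False),
    "ECDH-P384+ML-KEM-1024": (("ECDH-P384", "ML-KEM-1024"), True),
    "ML-KEM-1024": (("ML-KEM-1024",), True),
}

def negotiate(local_pref, peer_offer, require_pq):
    """Return the first locally preferred suite the peer offers and policy allows.

    The policy flag is data, so tightening it later needs no code change."""
    for name in local_pref:
        if name in SUITES and name in peer_offer:
            if require_pq and not SUITES[name][1]:
                continue  # classical-only suite rejected by policy
            return name
    raise ValueError("no mutually supported suite permitted by policy")

def hkdf_sha384(ikm, info, length=32, salt=b""):
    """HKDF (RFC 5869) with SHA-384: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 48, ikm, hashlib.sha384).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha384).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_session_key(suite, secrets):
    """Combine one shared secret per component KEM into a single session key.

    Secrets are length-prefixed so their boundaries are unambiguous, and the
    suite label is bound in as `info`, so a different suite gives a different key."""
    components = SUITES[suite][0]
    if set(secrets) != set(components):
        raise ValueError("secrets do not match suite components")
    ikm = b"".join(len(secrets[c]).to_bytes(2, "big") + secrets[c] for c in components)
    return hkdf_sha384(ikm, suite.encode())

if __name__ == "__main__":
    # Constructed sample values standing in for real key-exchange outputs.
    suite = negotiate(["ML-KEM-1024", "ECDH-P384+ML-KEM-1024", "ECDH-P384"],
                      {"ECDH-P384", "ECDH-P384+ML-KEM-1024"}, require_pq=True)
    key = derive_session_key(suite, {"ECDH-P384": b"\x01" * 48, "ML-KEM-1024": b"\x02" * 32})
    print(suite, key.hex())
```

Moving a deployment from hybrid to PQC-only then means changing the preference list and the policy flag rather than the code that derives keys.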
Key Differences
Pre-Shared Keys
CNSA 2.0 discusses the use of pre-shared keys, which are set to be unauthorized by the DoW CIO memo released in late 2025. This stance may also be adopted by the FCEB. Vendor technologies, such as proxy-based solutions from QuSecure, demonstrate that pre-shared keys are not necessary for establishing secure quantum-resistant technology.
Quantum Key Distribution (QKD)
Infeasibility in U.S. Government Information Systems
Both CNSA 2.0 and the DoW memo indicate that Quantum Key Distribution (QKD) will not be utilized within DoW systems, including NSS. It is reasonable to expect that the FCEB will embrace this restriction as well. There are inherent challenges associated with QKD, including:
- Cost and Equipment: The investment in QKD technology can be substantial, and the equipment requires ongoing maintenance.
- Key vs. Data: QKD only carries the key, not the actual data that needs protection from adversaries.
- Distance and Terrain Limitations: QKD’s effectiveness is limited by distance and terrain, making it less practical for widespread implementation.
Given these limitations, investing in organizational PQC transitional software that can securely carry useful data between businesses is a more pragmatic approach.
Conclusion
In summary, the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) is a critical document that outlines necessary steps for transitioning to post-quantum cryptography in both National Security Systems and Federal Civilian Executive Branch agencies. The emphasis on NIST-approved algorithms, aggressive timelines, and the rejection of outdated practices like QKD signal a significant shift in how federal systems will manage cybersecurity in the face of emerging quantum threats. As vendors, we must adapt to these requirements to remain compliant and competitive in a rapidly evolving landscape.