The NSA has defined the algorithms, set the deadlines, and started the clock. CNSA 2.0 is the federal government’s most specific mandate yet for the post-quantum transition, and its impact reaches into every industry that handles sensitive, long-lived data.
The Commercial National Security Algorithm Suite 2.0, commonly referred to as CNSA 2.0, is a cybersecurity framework published by the National Security Agency (NSA) in September 2022 and updated most recently in December 2024. It defines the specific quantum-resistant cryptographic algorithms that must be used to protect National Security Systems (NSS), the classified and sensitive unclassified systems used across the U.S. government and defense industrial base.
CNSA 2.0 replaces the original CNSA 1.0 suite, which relied on classical algorithms, including RSA, ECC, and AES, that quantum computers will eventually render vulnerable. The new suite specifies post-quantum replacements with defined transition timelines, making it the most operationally specific quantum-readiness mandate issued by any U.S. government agency to date.
For organizations that work with or sell to the federal government, CNSA 2.0 is not advisory. It is a requirement.
CNSA 2.0 specifies four primary algorithm categories for protecting National Security Systems:
ML-KEM-1024 (FIPS 203) for key establishment and encryption
ML-DSA-87 (FIPS 204) for digital signatures in most applications
LMS / XMSS (NIST SP 800-208) for software and firmware signing
AES-256 retained for symmetric encryption
This framework also explicitly excludes several algorithms that NIST standardized but NSA declined to approve for NSS use, including SLH-DSA and quantum key distribution (QKD). This is a notable distinction for organizations building to both NIST and NSA compliance simultaneously.
For the authoritative algorithm list and compliance guidance, see the NSA’s CNSA 2.0 announcement.
Compliance deadlines under CNSA 2.0 are staggered by system type and have already begun. EnQuanta is always tracking these requirements closely as they evolve.
The most urgent near-term gate is January 1, 2027 — the date by which all new NSS deployments must be compliant with CNSA 2.0 algorithms upon delivery, unless explicitly noted otherwise in approved profiles. For defense contractors and systems integrators, this is not a future planning item. Any system entering procurement now is subject to this requirement.
CNSA 2.0 does not set a single migration deadline. It establishes a staggered schedule by system category, with two milestones for each: a “support and prefer” date, when systems must be capable of using CNSA 2.0 algorithms and should default to them, and an “exclusively use” date, when legacy algorithms are no longer permitted.
CNSA 2.0 is mandatory for National Security Systems. Its reach is broader than that definition suggests.
Any organization that designs, builds, operates, or supplies technology for NSS is directly subject to CNSA 2.0 requirements. This includes defense contractors, systems integrators, cloud service providers supporting government programs, and software vendors whose products touch classified or sensitive government environments.
Beyond mandatory compliance, the NSA explicitly recommends that organizations in financial services, healthcare, and critical infrastructure adopt CNSA 2.0 algorithms as best practice, particularly for data with secrecy requirements extending beyond 2030. The reason is straightforward. Harvest Now, Decrypt Later attacks are already collecting that data today.
CNSA 2.0 and NIST’s Post Quantum Cryptography standards are related but not interchangeable. NIST’s role is to standardize algorithms for broad federal and commercial use. NSA’s role is to select from those standards, and in some cases narrow them further, for National Security Systems specifically.
The key practical difference: CNSA 2.0 is more prescriptive. Where NIST offers a menu of approved algorithms, CNSA 2.0 specifies exactly which ones to use, at which key lengths, for which use cases. Organizations that build to CNSA 2.0 are building to a higher and more specific bar than NIST PQC compliance alone.
Meeting CNSA 2.0 is not purely a question of adopting new algorithms. It requires the underlying architecture to support rapid cryptographic transitions: the ability to update ciphers, keys, and protocols without system-wide disruption. This property is called cryptographic agility, and it is implicitly required by CNSA 2.0’s staggered timelines and ongoing update cycle.
Organizations with cryptographically rigid systems will find CNSA 2.0 migration expensive, slow, and risk-prone. The cost compounds at enterprise or program scale, where dozens of systems may each require individual remediation.
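The sketch below is an added example, not code from the NSA or any vendor. It shows cryptographic agility applied to the two milestones described above: the permitted algorithm set is policy data, so moving from "support and prefer" to "exclusively use" is a configuration change, and the same policy can be used to find peers that would break at cutover. The legacy algorithm names, peer names and function names are assumptions made for the illustration.

```python
from enum import Enum

class Phase(Enum):
    SUPPORT_AND_PREFER = 1   # CNSA 2.0 is the default, legacy still allowed
    EXCLUSIVELY_USE = 2      # legacy algorithms no longer permitted

# CNSA 2.0 algorithms as listed on this page, by use case.
CNSA2 = {
    "key_establishment": ["ML-KEM-1024"],
    "signature": ["ML-DSA-87"],
    "firmware_signing": ["LMS", "XMSS"],
    "symmetric": ["AES-256"],
}
# Illustrative classical (RSA/ECC) names for the demo; not taken from the page.
LEGACY = {
    "key_establishment": ["ECDH-P384", "RSA-3072"],
    "signature": ["ECDSA-P384", "RSA-3072"],
    "firmware_signing": ["ECDSA-P384", "RSA-3072"],
    "symmetric": [],
}

class NegotiationError(Exception):
    pass

def acceptable(use_case, phase):
    """Ordered local preference list; policy is data, so a cutover is a config change."""
    allowed = list(CNSA2[use_case])
    if phase is Phase.SUPPORT_AND_PREFER:
        allowed += LEGACY[use_case]
    return allowed

def negotiate(use_case, phase, peer_offers):
    """Return the first locally preferred algorithm the peer offers.
    Local order wins: a peer offering both kinds always gets the CNSA 2.0 one."""
    for alg in acceptable(use_case, phase):
        if alg in peer_offers:
            return alg
    raise NegotiationError(f"no permitted {use_case} algorithm in {sorted(peer_offers)}")

def blocked_by_cutover(use_case, peers):
    """Names of peers that would fail once the phase flips to EXCLUSIVELY_USE."""
    blocked = []
    for name, offers in peers.items():
        try:
            negotiate(use_case, Phase.EXCLUSIVELY_USE, offers)
        except NegotiationError:
            blocked.append(name)
    return sorted(blocked)

# Constructed sample inventory: peer name -> algorithms it offers.
PEERS = {
    "gateway-a": {"ML-KEM-1024", "ECDH-P384"},
    "legacy-hsm": {"ECDH-P384", "RSA-3072"},
    "partner-vpn": {"ML-KEM-1024"},
}
```

Running `blocked_by_cutover` against a real inventory before the "exclusively use" date gives the remediation list while legacy fallback still keeps those links working.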
EnQuanta’s QuantaCrypt™ Product Suite is designed to meet CNSA 2.0 requirements within a crypto-agile, assumption-free framework, supporting the required algorithms while enabling seamless transitions as standards evolve. No hardware replacement. No code refactoring of existing applications and infrastructure. For organizations in or supplying the defense industrial base, this is the architecture CNSA 2.0 demands.
For a broader look at how Quantum+AI convergence is accelerating these compliance timelines, see Understanding the Quantum+AI Threat.