M-23-02: Memo on Migrating to Post-Quantum Cryptography
THE DIRECTOR
M-23-02
This memorandum provides direction for agencies to comply with National Security
Memorandum 10 (NSM-10), on Promoting United States Leadership in Quantum Computing
While Mitigating Risk to Vulnerable Cryptographic Systems (May 4, 2022). 1
I. OVERVIEW
Additionally, agencies must remain cognizant that encrypted data can be recorded now and later
decrypted by operators of a future CRQC.
This memorandum describes preparatory steps for agencies to undertake as they begin
their transition to PQC by conducting a prioritized inventory of cryptographic systems. Further,
this memorandum provides transitional guidance to agencies in the period before PQC standards
are finalized by the National Institute of Standards and Technology (NIST), after which OMB
will issue further guidance.
A. Requirements
As per NSM-10, “the United States must prioritize the timely and equitable transition of
cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of
the quantum risk as is feasible by 2035.”
To achieve this, OMB, in coordination with the Office of the National Cyber Director
(ONCD), and as directed by NSM-10, is to “establish requirements for inventorying all currently
deployed cryptographic systems, excluding National Security Systems.” NSM-10 also directs
OMB to instruct agencies on how to prioritize their inventories. Accordingly, this memorandum
establishes requirements for agencies to inventory their active cryptographic systems, with a
focus on High Value Assets (HVAs) and high impact systems. 6 As used in this memorandum,
the term “cryptographic system” means an active software or hardware implementation of one or
more cryptographic algorithms that provide one or more of the following services: (1) creation
and exchange of encryption keys; (2) encrypted connections; or (3) creation and validation of
digital signatures.
The inventory must encompass each information system or asset that is any of the
following, whether operated by the agency or on the agency’s behalf: 9
6 Defined by NSM-10 as “an information system in which at least one security objective (i.e., confidentiality,
integrity, or availability) is assigned a Federal Information Processing Standards (FIPS) 199 potential impact value
of ‘high.’”
7 For the purposes of this memorandum, “national security system” refers both to any information system described
• Any other system that an agency determines is likely to be particularly vulnerable
to CRQC-based attacks. 10 Agencies should include information systems or assets
that:
o Contain data expected to remain mission-sensitive in 2035; 11 or
o Are logical access control systems based in asymmetric encryption (such
as Public Key Infrastructure) that use any of the algorithms listed in
Appendix B.
Initially, agencies should focus their inventory on their most sensitive systems. OMB
expects to direct agencies to inventory systems or assets outside the above scope through future
guidance on Federal Information Security Modernization Act of 2014 12 requirements. At this
point in time, those systems need not be included in the inventory submitted to ONCD and
CISA.
For each information system or asset included in the ONCD/CISA inventory, agencies
must provide the following:
10 Agencies are encouraged to consult with CISA to help make these determinations.
11 This criterion refers to data that if recorded now, and later decrypted by a CRQC in 2035, would still be
considered mission sensitive.
12 44 U.S.C. §§ 3551 et seq. See also § 3552(b)(3)
13 Agencies shall only submit identifiers for systems and HVAs and shall not include names that identify the
employed during operation of the overall system, even if the cryptographic system is not employed during routine
use (for example, if it is only employed to support legacy clients).
16 For a list of CRQC-vulnerable algorithms, see Appendix B.
o The agency (on premise);
o A commercially operated cloud service provider, in which case the name
of the commercial provider must be supplied; 18
o A Government-operated cloud service provider, in which case the name of
the agency provider must be supplied; or
o A hybrid environment, in which case the name of the cloud service
provider(s) must be supplied.
8. Lifecycle characteristics of the data contained in the system, including types of
data (as described by national records management categories) and how long the
data and associated metadata need protection (i.e., “time to live”).
9. Any additional notes deemed relevant by the agency.
B. Timelines
Ninety days after the release of this memorandum, and annually thereafter, ONCD, in
coordination with OMB, CISA and the FedRAMP Program Management Office (PMO), will
release instructions for the collection and transmission of this inventory, which will include:
• A tool and procedure for agencies to submit their inventory to ONCD and CISA; and
• A process for the identification of common cryptographic systems (e.g., those used by
software suites or cloud service providers) used across agencies, so that agencies may
avoid inventorying those systems individually.
CISA and the National Security Agency (NSA) will evaluate whether a security
classification guide (SCG) is needed for this inventory. If an SCG is needed, CISA will produce
one within 90 days of the issuance of this memorandum.
Agencies can find ONCD’s instructions and any related artifacts at the OMB MAX web
address provided in Section VII of this memorandum.
18 For cloud products or services accredited by FedRAMP, agencies should work with the FedRAMP PMO to obtain
a cryptographic implementation inventory.
III. ASSESSMENT OF FUNDING REQUIRED FOR PQC MIGRATION
No later than 30 days after the submission of each annual inventory of cryptographic
systems required under Section II of this memorandum, agencies are required to submit to
ONCD and OMB an assessment of the funding required to migrate information systems and
assets inventoried under this memorandum to post-quantum cryptography during the following
fiscal year. These agency assessments will inform the funding assessments required by NSM-10
Section 3(c)(iv).
Ninety days after the publication of this memorandum, and annually thereafter, ONCD,
in coordination with OMB, will release instructions to agencies that will include:
Agencies will be able to find these instructions at the OMB MAX web address provided
in Section VII of this memorandum.
Within one year of the publication of this memorandum, CISA, in coordination with NSA
and NIST, will release a strategy on automated tooling and support for the assessment of agency
progress towards adoption of PQC.
The testing of pre-standardized PQC in agency environments will help to ensure that
PQC will work in practice before NIST completes PQC standards and commercial
implementations are finalized. Agencies, particularly CISA, are encouraged to work with
software vendors to identify candidate environments, hardware, and software for the testing of
PQC. Examples of candidate environments, hardware, and software might include web browsers,
content delivery networks, cloud service providers, devices and endpoints, and enterprise devices
that initiate or terminate encrypted traffic.
To ensure that tests are representative of real-world conditions, they may be conducted,
or allowed to operate, in production environments, with appropriate monitoring and safeguards,
alongside the use of current approved and validated algorithms. In many cases, the test may be
conducted by the vendor across many customers or end users, and agencies are encouraged to
participate in these tests.
Within 60 days of the publication of this memorandum, NIST, in coordination with CISA
and the FedRAMP PMO, will establish a mechanism, as part of the working group described in
Section VI, to enable the exchange of PQC testing information and best practices among
agencies as well as with private sector partners.
Within 30 days of the publication of this memorandum, OMB and ONCD will establish a
cryptographic migration working group consisting of NIST, CISA, NSA, the FedRAMP PMO,
and agency representatives. This working group will be chaired by the Federal Chief Information
Security Officer and will provide assistance and coordination for agencies conducting
cryptographic inventories and migration.
All questions or inquiries should be addressed to the OMB Office of the Federal Chief
Information Officer (OFCIO) via email: [email protected].
Agencies can find consolidated implementation guidance for this memo on OMB MAX
at https://community.max.gov/x/tRBwig.
ATTACHMENTS
APPENDIX A
Interim Benchmarks
APPENDIX B
19 Agencies should work with CISA and vendors of products that utilize asymmetric algorithms not enumerated in
this table to determine if these algorithms are quantum-vulnerable. Agencies are encouraged to include any
asymmetric algorithm that is not definitively known to be quantum-resistant.