Post Quantum Cryptography: Federal Mandates, Market Drivers and What IT Companies Should Do Now
The Quantum Threat and The Need for Change
Quantum computing is introducing a newer cybersecurity risk with the potential to undermine encryption methods that are currently considered secure, reducing their effectiveness against future threats. For federal agencies and national security systems, this is critical as they rely on cryptography to protect data, identities, software and communications. The risk is not theoretical for planning purposes. The real concern is attackers’ practice of “harvest now, decrypt later”, when encrypted data is copied and kept until quantum computers can decrypt it later. The challenge for the federal government, as well as IT companies, is no longer about whether changes are needed, but how quickly they can be addressed without disrupting operations. This is particularly significant to the national security systems, as a security failure is not an option.
PQC Mandates
Currently, federal PQC mandates (EO 14028, EO 14144, EO 14306, OMB M-23-02 and NSM-10) center on inventorying quantum-vulnerable cryptography, adopting NIST’s finalized PQC standards and planning the migration of a government-wide timeline. For national security systems, NSA’s CNSA 2.0 (Commercial National Security Suite 2.0) provides the clearest compliance criterion, setting requirements for agencies and contractors to become crypto-agile and PQC-ready. Released in September of 2022, it is designed to transition the U.S. government and defense systems to post-quantum cryptography. Its core requirement is to identify where RSA, ECC and other vulnerable public-key algorithms are used, then prioritize migration to post-quantum alternatives identified by NIST. By Jan 1, 2027, all agencies must use the new post-quantum algorithms identified in CNSA 2.0. In November 2025, the DoW issued guidance to inventory cryptographic systems, prohibiting unapproved PQC tools, and requiring approval for any quantum-resistant technologies. CNSA 2.0 is considered one of the most significant cybersecurity modernization efforts in decades.
Mandatory Compliance
The NSA has laid out a firm transition schedule for agencies and contractors:
- September 7, 2022: Release of CNSA 2.0 mandating government-wide PQC migration by 2025
- January 1, 2027: Any newly acquired products or services supporting National Security Systems must be capable of using CNSA 2.0 algorithms.
- December 31, 2030: Older equipment and services that are unable to operate with CNSA 2.0 need to be retired.
- January 2, 2030: Transport Layer Security (TLS) 1.3 or successor must be supported across NSS and non-NSS systems.
- December 31, 2031: CNSA 2.0 becomes the default requirement for all cryptographic implementations in NSS, except where explicit waivers apply.
- January 1, 2035: National Security Systems are expected to complete the shift to quantum-resistant cryptography
Funding, Incentives, and Procurement Channels
Federal spending on PQC migration is estimated at $7.1 billion from 2025 to 2035; funds are unlikely to come from a single PQC line item and will likely appear through modernization budgets, cyber and quantum programs, and standard contract vehicles. Last month, the Department of Commerce signed Letters of Intent with nine companies under the CHIPS and Science Act, totaling $2 Billion in federal incentives to advance scalable quantum technologies. A bill was also introduced in January 2026 that would extend the National Quantum Initiative timeline through 2034. If passed, $85 million would annually fund NIST’s QIST research and consortium efforts and $25 million for NASA’s QIST research, from FY26 through FY34.
Importantly, the National Defense Authorization Act (NDAA) FY27, still working its way through Congress, includes provisions for quantum and PQC activities that would be channeled through the NSA’s cybersecurity modernization, DOW CIO zero-trust related RDT&E, DARPA RDT&E and military service branches’ networks and systems modernization related activities.
GSA has also directed agencies to contract vehicles such as the Multiple Award Schedule - IT Category, Alliant 2 and 8(a) STARS III. Agencies can also use GSA’s Market Research as a Service (MRAS) to leverage vendor capabilities and industry support.
Implications for IT Companies
With the January 1, 2027 deadline just seven months away, CNSA 2.0 highlights the urgency for IT companies to take the lead in PQC modernization, supporting federal agencies' security compliance. IT companies selling to the federal market should view PQC as an immediate priority rather than a future consideration. Essential areas of requirements include:
- Cryptographic inventory
- Public Key Infrastructure modernization
- Crypto-agile infrastructure
- AI-assisted migration planning
- Translating policy into execution
- Hardware replacement planning
Position for Competitive Advantage
Vendors and partners can differentiate by being execution-focused and mission-emphasized. Agencies will look for IT companies that help them navigate complexity in transition, particularly connect policy, risk signals to migration implementation (requirements, standards and timeline). A strong sales strategy includes leading with practical transition steps, transparency and offerings that support crypto-agility over time.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Toan Le is a Senior Market Insights Analyst on the DLT Market Insights team covering DOD and IC domain-centric trends across the Public Sector.
Related Blog Posts
Cybersecurity, Data & Storage, Market Intelligence, Technology
Reshaping Federal Logging Requirements As of late May, 2026, logging requirements for federal agencies will shift from a volume-driven mindset to a risk-based logging approach. The previous logging requirements published in 2021 via OMB Memo M-21-31 have been rescinded with the publication of OMB’s latest memo M-26-14, calling the logging of cyber incidents across federal agencies to include both Continuous Event Monitoring (CEM) and Threat Hunting, Investigation, Response and Forensics (THIRF).
Jennifer Miller
Cybersecurity, Data & Storage, Market Intelligence, Technology
Reshaping Federal Logging Requirements As of late May, 2026, logging requirements for federal agencies will shift from a volume-driven mindset to a risk-based logging approach. The previous logging requirements published in 2021 via OMB Memo M-21-31 have been rescinded with the publication of OMB’s latest memo M-26-14, calling the logging of cyber incidents across federal agencies to include both Continuous Event Monitoring (CEM) and Threat Hunting, Investigation, Response and Forensics (THIRF).
Jennifer Miller
Cybersecurity, Data & Storage, Market Intelligence, Technology
Reshaping Federal Logging Requirements As of late May, 2026, logging requirements for federal agencies will shift from a volume-driven mindset to a risk-based logging approach. The previous logging requirements published in 2021 via OMB Memo M-21-31 have been rescinded with the publication of OMB’s latest memo M-26-14, calling the logging of cyber incidents across federal agencies to include both Continuous Event Monitoring (CEM) and Threat Hunting, Investigation, Response and Forensics (THIRF).
Jennifer Miller
Cybersecurity, Data & Storage, Market Intelligence, Technology
Navigating the Latest CISA Guidance on Agentic AIThe Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA and international partners, recently issued guidance for the Careful Adoption of Agentic Artificial Intelligence (AI) Services.
Tashmita Elias
Cybersecurity, Data & Storage, Market Intelligence, Technology
Navigating the Latest CISA Guidance on Agentic AIThe Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA and international partners, recently issued guidance for the Careful Adoption of Agentic Artificial Intelligence (AI) Services.
Tashmita Elias
Cybersecurity, Data & Storage, Market Intelligence, Technology
Navigating the Latest CISA Guidance on Agentic AIThe Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA and international partners, recently issued guidance for the Careful Adoption of Agentic Artificial Intelligence (AI) Services.
Tashmita Elias
Federal Government, Market Intelligence, State & Local Government, Technology
On May 7, 2026, the FEMA Review Council released its final report recommending a substantial shift in how disaster preparedness, response and recovery are managed nationwide.
Yvonne Maffia
Federal Government, Market Intelligence, State & Local Government, Technology
On May 7, 2026, the FEMA Review Council released its final report recommending a substantial shift in how disaster preparedness, response and recovery are managed nationwide.
Yvonne Maffia
Federal Government, Market Intelligence, State & Local Government, Technology
On May 7, 2026, the FEMA Review Council released its final report recommending a substantial shift in how disaster preparedness, response and recovery are managed nationwide.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence, State & Local Government
As we approach Sled Fiscal Year End (SFYE), SLED agencies are balancing budgets in a constrained environment, addressing rising constituent expectations, tackling growing cybersecurity challenges and supporting accelerated AI adoption.For industry, this confluence of factors creates both complexity and opportunity. In today’s environment, success in SLED comes down to connecting IT investments to clear and measurable ROI in operational efficiency, modernization, resilience and cost savings.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence, State & Local Government
As we approach Sled Fiscal Year End (SFYE), SLED agencies are balancing budgets in a constrained environment, addressing rising constituent expectations, tackling growing cybersecurity challenges and supporting accelerated AI adoption.For industry, this confluence of factors creates both complexity and opportunity. In today’s environment, success in SLED comes down to connecting IT investments to clear and measurable ROI in operational efficiency, modernization, resilience and cost savings.
Yvonne Maffia
Cybersecurity, Education, Federal Government, Healthcare, Market Intelligence, State & Local Government, Technology
At this year’s Red, White and You conference, our market intelligence team detailed the ins and outs of what we’re seeing across the public sector. Throughout the sessions, one theme became clear: while success in the public sector market used to rely heavily on institutional knowledge and long-standing relationships, agency buying cycles, and slower opportunity development, the market this year looks different. It’s faster, calling for more efficiency, innovation and cost-optimization.
Susanna Patten
Cybersecurity, Education, Federal Government, Healthcare, Market Intelligence, State & Local Government, Technology
At this year’s Red, White and You conference, our market intelligence team detailed the ins and outs of what we’re seeing across the public sector. Throughout the sessions, one theme became clear: while success in the public sector market used to rely heavily on institutional knowledge and long-standing relationships, agency buying cycles, and slower opportunity development, the market this year looks different. It’s faster, calling for more efficiency, innovation and cost-optimization.
Susanna Patten
Cybersecurity, Education, Federal Government, Healthcare, Market Intelligence, State & Local Government, Technology
At this year’s Red, White and You conference, our market intelligence team detailed the ins and outs of what we’re seeing across the public sector. Throughout the sessions, one theme became clear: while success in the public sector market used to rely heavily on institutional knowledge and long-standing relationships, agency buying cycles, and slower opportunity development, the market this year looks different. It’s faster, calling for more efficiency, innovation and cost-optimization.
Susanna Patten
Cybersecurity, Education, Federal Government, Healthcare, Market Intelligence, State & Local Government, Technology
At this year’s Red, White and You conference, our market intelligence team detailed the ins and outs of what we’re seeing across the public sector. Throughout the sessions, one theme became clear: while success in the public sector market used to rely heavily on institutional knowledge and long-standing relationships, agency buying cycles, and slower opportunity development, the market this year looks different. It’s faster, calling for more efficiency, innovation and cost-optimization.
Susanna Patten
Cybersecurity, Data & Storage, Federal Government, Market Intelligence
More than 15 years ago, the DoW formally elevated cyber pursuits to the same strategic level as sea, land, air and space. This acknowledgement shifted cybersecurity from risk management to a national defense need, underscoring the importance of protecting the DoW’s defense infrastructure and networks. Defense cybersecurity challenges have since evolved into a multi-domain conflict, particularly with China and Russia - both aiming to infiltrate digital assets.
Toan Le
Cybersecurity, Data & Storage, Federal Government, Market Intelligence
More than 15 years ago, the DoW formally elevated cyber pursuits to the same strategic level as sea, land, air and space. This acknowledgement shifted cybersecurity from risk management to a national defense need, underscoring the importance of protecting the DoW’s defense infrastructure and networks. Defense cybersecurity challenges have since evolved into a multi-domain conflict, particularly with China and Russia - both aiming to infiltrate digital assets.
Toan Le
Cybersecurity, Data & Storage, Federal Government, Market Intelligence
More than 15 years ago, the DoW formally elevated cyber pursuits to the same strategic level as sea, land, air and space. This acknowledgement shifted cybersecurity from risk management to a national defense need, underscoring the importance of protecting the DoW’s defense infrastructure and networks. Defense cybersecurity challenges have since evolved into a multi-domain conflict, particularly with China and Russia - both aiming to infiltrate digital assets.
Toan Le
Cloud, Cybersecurity, Federal Fiscal Year End, Market Intelligence, Technology
The FY27 federal budget request was released on April 3rd, and is providing an initial look at the momentum and impact IT investments will have in the coming years.The Department of War’s unprecedented $1.5T request underscores attention on national security and pushing towards next-generation warfighting capabilities, while across the whole of government, there is expected to be a continued mandate to drive efficiency, consolidate systems and align technology investments with administration priorities.
Nikki Hamlin
Cloud, Cybersecurity, Federal Fiscal Year End, Market Intelligence, Technology
The FY27 federal budget request was released on April 3rd, and is providing an initial look at the momentum and impact IT investments will have in the coming years.The Department of War’s unprecedented $1.5T request underscores attention on national security and pushing towards next-generation warfighting capabilities, while across the whole of government, there is expected to be a continued mandate to drive efficiency, consolidate systems and align technology investments with administration priorities.
Nikki Hamlin
Cloud, Cybersecurity, Federal Fiscal Year End, Market Intelligence, Technology
The FY27 federal budget request was released on April 3rd, and is providing an initial look at the momentum and impact IT investments will have in the coming years.The Department of War’s unprecedented $1.5T request underscores attention on national security and pushing towards next-generation warfighting capabilities, while across the whole of government, there is expected to be a continued mandate to drive efficiency, consolidate systems and align technology investments with administration priorities.
Nikki Hamlin
IT Infrastructure, Market Intelligence, Technology
On a typical day in 2024, the Defense Health Agency (DHA) reported the military health system (MHS) encountered 164,000 patients and 205,000 procedures across military hospitals and medical clinics globally. Assuming this pace continues throughout the fiscal year, MHS is estimated to have managed 60 million occurrences in FY25. The sheer volume of data generated across the MHS is immense. Optimizing this data is critical for clinicians and healthcare providers to support the health and readiness of service members.
Toan Le
IT Infrastructure, Market Intelligence, Technology
On a typical day in 2024, the Defense Health Agency (DHA) reported the military health system (MHS) encountered 164,000 patients and 205,000 procedures across military hospitals and medical clinics globally. Assuming this pace continues throughout the fiscal year, MHS is estimated to have managed 60 million occurrences in FY25. The sheer volume of data generated across the MHS is immense. Optimizing this data is critical for clinicians and healthcare providers to support the health and readiness of service members.
Toan Le
AI, IT Infrastructure, Market Intelligence, Technology, Transportation
In June 2025, Texas signed the Responsible Artificial Intelligence Governance Act into law, outlining statutory requirements for the state’s use of AI. In response to this, the Texas Department of Transportation (TxDOT) released an updated Artificial Intelligence Strategic Plan in January 2026.
Austin Gardner
AI, IT Infrastructure, Market Intelligence, Technology, Transportation
In June 2025, Texas signed the Responsible Artificial Intelligence Governance Act into law, outlining statutory requirements for the state’s use of AI. In response to this, the Texas Department of Transportation (TxDOT) released an updated Artificial Intelligence Strategic Plan in January 2026.
Austin Gardner
Market Intelligence, Technology
The Air Force (DAF) has been aggressively pushing for the modernization of its networks, legacy systems, and software; in line with these efforts is an equally robust acquisition overhaul designed to speed up procurement of everything it buys, from weapon systems to cloud services and digital applications. For IT companies, this shift is creating new opportunities but also means new expectations, greater competition, and challenges.
Toan Le
Market Intelligence, Technology
The Air Force (DAF) has been aggressively pushing for the modernization of its networks, legacy systems, and software; in line with these efforts is an equally robust acquisition overhaul designed to speed up procurement of everything it buys, from weapon systems to cloud services and digital applications. For IT companies, this shift is creating new opportunities but also means new expectations, greater competition, and challenges.
Toan Le
Federal Government, IT Infrastructure, Market Intelligence, Technology
In mid-March, AFCEA NOVA hosted the Naval IT Day in Chantilly, Virginia with the core message on how Navy and Marine Corps digital priorities are enabling the naval force. The message was clear, IT is not just a necessary function, it is a mission-critical warfighting capability.
Nikki Hamlin
Federal Government, IT Infrastructure, Market Intelligence, Technology
In mid-March, AFCEA NOVA hosted the Naval IT Day in Chantilly, Virginia with the core message on how Navy and Marine Corps digital priorities are enabling the naval force. The message was clear, IT is not just a necessary function, it is a mission-critical warfighting capability.
Nikki Hamlin
Federal Government, IT Infrastructure, Market Intelligence, Technology
In mid-March, AFCEA NOVA hosted the Naval IT Day in Chantilly, Virginia with the core message on how Navy and Marine Corps digital priorities are enabling the naval force. The message was clear, IT is not just a necessary function, it is a mission-critical warfighting capability.
Nikki Hamlin
Cybersecurity, Market Intelligence, Technology
In early March, the White House released the National Cybersecurity Strategy, outlining a six-pillar framework designed to guide federal cyber policy, investment, and operational priorities over the coming years.
Nikki Hamlin
Cybersecurity, Market Intelligence, Technology
In early March, the White House released the National Cybersecurity Strategy, outlining a six-pillar framework designed to guide federal cyber policy, investment, and operational priorities over the coming years.
Nikki Hamlin
Cybersecurity, Market Intelligence, Technology
In early March, the White House released the National Cybersecurity Strategy, outlining a six-pillar framework designed to guide federal cyber policy, investment, and operational priorities over the coming years.
Nikki Hamlin
Cybersecurity, IT Infrastructure, Market Intelligence, State & Local Government, Technology
During this year’s Smart Cities Connect Conference and Expo in Raleigh, NC, one topic garnered considerable attention: AI. Within many city governments, AI is past experimentation and has moved into production. In 2026, city IT leaders are prioritizing safe, secure, and data-driven AI deployments that deliver measurable outcomes in mobility, public safety, infrastructure management, and climate resilience.However, as cities move toward operational AI, challenges exist around data readiness, governance, and integration across departments.
Yvonne Maffia
Cybersecurity, IT Infrastructure, Market Intelligence, State & Local Government, Technology
During this year’s Smart Cities Connect Conference and Expo in Raleigh, NC, one topic garnered considerable attention: AI. Within many city governments, AI is past experimentation and has moved into production. In 2026, city IT leaders are prioritizing safe, secure, and data-driven AI deployments that deliver measurable outcomes in mobility, public safety, infrastructure management, and climate resilience.However, as cities move toward operational AI, challenges exist around data readiness, governance, and integration across departments.
Yvonne Maffia
Cybersecurity, IT Infrastructure, Market Intelligence, State & Local Government, Technology
During this year’s Smart Cities Connect Conference and Expo in Raleigh, NC, one topic garnered considerable attention: AI. Within many city governments, AI is past experimentation and has moved into production. In 2026, city IT leaders are prioritizing safe, secure, and data-driven AI deployments that deliver measurable outcomes in mobility, public safety, infrastructure management, and climate resilience.However, as cities move toward operational AI, challenges exist around data readiness, governance, and integration across departments.
Yvonne Maffia
AI, Education, Market Intelligence, State & Local Government, Technology
In 2023, California Governor Gavin Newsom signed Executive Order N-12-23, directing state government institutions to utilize AI. These state entities are now beginning to move from the theoretical planning phase into the deployment phase with concrete plans.
Austin Gardner
AI, Education, Market Intelligence, State & Local Government, Technology
In 2023, California Governor Gavin Newsom signed Executive Order N-12-23, directing state government institutions to utilize AI. These state entities are now beginning to move from the theoretical planning phase into the deployment phase with concrete plans.
Austin Gardner
AI, Cybersecurity, Education, Market Intelligence, State & Local Government
This year’s Beyond the Beltway conference highlighted key strategic findings from IT leaders that signal where 2026 technology investments will be made and where to focus efforts for success. In 2026, state and local governments are at an inflection point: with rising expectations evolving alongside tightening budgets, staffing and timelines, success will depend on alignment of solutions to modernization requirements, workforce challenges and measurable ROI-driven outcomes.
Yvonne Maffia
AI, Cybersecurity, Education, Market Intelligence, State & Local Government
This year’s Beyond the Beltway conference highlighted key strategic findings from IT leaders that signal where 2026 technology investments will be made and where to focus efforts for success. In 2026, state and local governments are at an inflection point: with rising expectations evolving alongside tightening budgets, staffing and timelines, success will depend on alignment of solutions to modernization requirements, workforce challenges and measurable ROI-driven outcomes.
Yvonne Maffia
Cybersecurity, Federal Government, Infrastructure, Market Intelligence, Technology
The Golden Fleet, a US Navy initiative introduced by the administration in December of 2025, aims to revitalize the US shipbuilding industry, develop and sustain a new class of naval fleet and change how it does business to rapidly address maritime threats, particularly from China, in the Indo-Pacific region. The first frigate is planned for full operation in 2028.
Toan Le
Cybersecurity, Federal Government, Infrastructure, Market Intelligence, Technology
The Golden Fleet, a US Navy initiative introduced by the administration in December of 2025, aims to revitalize the US shipbuilding industry, develop and sustain a new class of naval fleet and change how it does business to rapidly address maritime threats, particularly from China, in the Indo-Pacific region. The first frigate is planned for full operation in 2028.
Toan Le
Cybersecurity, Federal Government, Infrastructure, Market Intelligence, Technology
The Golden Fleet, a US Navy initiative introduced by the administration in December of 2025, aims to revitalize the US shipbuilding industry, develop and sustain a new class of naval fleet and change how it does business to rapidly address maritime threats, particularly from China, in the Indo-Pacific region. The first frigate is planned for full operation in 2028.
Toan Le
Cybersecurity, Federal Government, Infrastructure, Market Intelligence, Technology
The Golden Fleet, a US Navy initiative introduced by the administration in December of 2025, aims to revitalize the US shipbuilding industry, develop and sustain a new class of naval fleet and change how it does business to rapidly address maritime threats, particularly from China, in the Indo-Pacific region. The first frigate is planned for full operation in 2028.
Toan Le
Federal Government, Market Intelligence
One-Year Money (e.g., O&M, MILPERS)Funds must be obligated during the fiscal year in which they were appropriated. If O&M is appropriated for FY26, it must be obligated by September 30, 2026. After that, it expires for new obligations. This drives the well-known fourth quarter execution surge.
Lloyd McCoy
Federal Government, Market Intelligence
One-Year Money (e.g., O&M, MILPERS)Funds must be obligated during the fiscal year in which they were appropriated. If O&M is appropriated for FY26, it must be obligated by September 30, 2026. After that, it expires for new obligations. This drives the well-known fourth quarter execution surge.
Lloyd McCoy
Federal Government, Market Intelligence, Technology
If you’ve been part of the defense industrial base (DIB) or are looking to support the DoW, it should come as no surprise that AI is now seeing actionable impact in day-to-day operations. Strategically, AI is essential in warfighting decision-making, analyzing data and enhancing operational logistics. The Army in particular has started incorporating AI solutions across a number of elements outlined below, on the heels of several new strategy announcements and initiatives.
Toan Le
Federal Government, Market Intelligence, Technology
If you’ve been part of the defense industrial base (DIB) or are looking to support the DoW, it should come as no surprise that AI is now seeing actionable impact in day-to-day operations. Strategically, AI is essential in warfighting decision-making, analyzing data and enhancing operational logistics. The Army in particular has started incorporating AI solutions across a number of elements outlined below, on the heels of several new strategy announcements and initiatives.
Toan Le
Federal Government, Market Intelligence, Technology
If you’ve been part of the defense industrial base (DIB) or are looking to support the DoW, it should come as no surprise that AI is now seeing actionable impact in day-to-day operations. Strategically, AI is essential in warfighting decision-making, analyzing data and enhancing operational logistics. The Army in particular has started incorporating AI solutions across a number of elements outlined below, on the heels of several new strategy announcements and initiatives.
Toan Le
Cybersecurity, IT Perspective, Market Intelligence, Technology
In early February, Chief of Naval Operations Admiral Daryl Caudle unveiled the details of the US Navy’s 2026 Hedge Strategy. As the Navy is facing a great power competition, rapid technological change and strain on the defense industrial base, it is critical to adapt an innovative operational and strategic approach to maintain adversarial advantage. The strategy shifts away from dominance by mass towards a risk-balanced operational approach that has asymmetric, combat-ready capability. In other words, they are “hedging their bets” on more tailored capabilities and nimble operations.
Nikki Hamlin