CISA has published an initial “shopping-list style” guide that groups hardware and software product categories by whether they already support, or are expected to soon support, post-quantum cryptography (PQC)—encryption designed to remain secure even when powerful quantum computers arrive. The goal is practical: help organizations plan long, complex crypto migrations by making procurement easier (“when you buy in these categories, prefer PQC-capable products”). The resource is tied to a June 2025 executive order directing DHS/CISA to identify widely available PQC-supporting product categories, and CISA says it will update the list regularly as the market changes.

In plain terms, the list focuses on technologies that use public-key crypto for the two big building blocks of secure systems: key establishment (setting up encrypted communications) and digital signatures (proving software/data authenticity). It highlights broad areas like cloud services, web software (browsers/servers), networking hardware and software (routers, firewalls, switches, DNS/SDN), identity and access management (PKI, identity providers, HSMs/tokens), endpoint security (disk encryption, password managers, anti-malware), and enterprise security platforms (IDS/SIEM/CDM). CISA’s message is essentially: once PQC is widely available in a category you rely on, make PQC support a default requirement—so you’re not stuck with “quantum-fragile” purchases that you’ll have to rip and replace later.

Source: https://industrialcyber.co/cisa/cisa-publishes-initial-list-of-hardware-and-software-categories-supporting-post-quantum-cryptography-to-guide-adoption/