Foundation · v0.2.0 · Standards Reference

Standards. Deadlines. Procurement signals.

What FIPS 203/204/205, CNSA 2.0, and CISA's product-category guidance mean for the operator who has to act on them.

The most volatile page in the section. The algorithm standards are stable — FIPS 203/204/205 will not change. The procurement-signal layer (CNSA 2.0 deadlines, CISA category list, NIST IR 8547 transition status, cryptanalytic research compression) moves fastest. This page is reviewed monthly; the version stamp and next-review triggers are below.

Series: Quantum · Foundation
Document: Standards Reference
Version: 0.2.0 · 2026
License: CC BY 4.0
Last reviewed: 2026-05-18  ·  Next-review triggers: CISA category-list update · NIST IR 8547 finalization · NSA CNSA 2.0 FAQ revision · major-vendor PQC GA announcement · documented CRQC capability milestone
STAGE 01 / THE STANDARDS

FIPS 203, 204, 205 at the operator level.

Three standards, three roles, three sets of operational consequences.
Finalized: August 2024
CNSA 2.0 NSS mandates: ML-KEM-1024 / ML-DSA-87

NIST's three finalized post-quantum standards divide cleanly by function. FIPS 203 specifies ML-KEM (the Module-Lattice Key Encapsulation Mechanism, derived from CRYSTALS-Kyber) for key establishment — the operation that protects TLS, VPN, SSH, and any session-setup handshake. FIPS 204 specifies ML-DSA (Module-Lattice Digital Signature Algorithm, derived from CRYSTALS-Dilithium) for general-purpose digital signatures — TLS certificates, JWTs, document signing. FIPS 205 specifies SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, derived from SPHINCS+) for conservative long-lived signing — root CAs, firmware, code signing, long-lived trust anchors where algorithm diversity matters.

| Standard | Algorithm | Parameter sets | NSS mandate (CNSA 2.0) |
|---|---|---|---|
| FIPS 203 | ML-KEM | ML-KEM-512 · -768 · -1024 | ML-KEM-1024 |
| FIPS 204 | ML-DSA | ML-DSA-44 · -65 · -87 | ML-DSA-87 |
| FIPS 205 | SLH-DSA | 128s / 128f · 192s / 192f · 256s / 256f | (diversity option) |

Operational size table

| Algorithm | Public key | Ciphertext / Signature |
|---|---|---|
| RSA-2048 | 256 B | 256 B |
| ECDH P-256 | 32 B | 32 B |
| ECDSA P-256 | 64 B | 64 B |
| ML-KEM-768 | 1,184 B | 1,088 B |
| ML-KEM-1024 | 1,568 B | 1,568 B |
| ML-DSA-65 | 1,952 B | 3,293 B |
| ML-DSA-87 | 2,592 B | 4,595 B |
| SLH-DSA-128s | 32 B | 7,856 B |

The size delta is the operational story. ML-DSA-87 signatures are roughly 18× the size of an RSA-2048 signature; SLH-DSA signatures are 30×+. This is the root cause of the MTU, PKI chain, and firewall compatibility problems that dominate early deployment experience. See the IT Technicians briefing for the operator-level checklist before the change window opens.
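The size delta can be turned into a packet budget before a change window. The sketch below is an added example, not part of the original page: it uses the byte sizes from the table above, and it assumes a 1500-byte MTU, 40 bytes of IPv4/TCP headers, and two constructed certificate chains (leaf first, root not sent). It counts only public keys and signatures, so the results are lower bounds.

```python
import math

# (public key, ciphertext or signature) in bytes, copied from this page's size table.
SIZES = {
    "RSA-2048": (256, 256),
    "ECDH P-256": (32, 32),
    "ECDSA P-256": (64, 64),
    "ML-KEM-768": (1184, 1088),
    "ML-KEM-1024": (1568, 1568),
    "ML-DSA-65": (1952, 3293),
    "ML-DSA-87": (2592, 4595),
    "SLH-DSA-128s": (32, 7856),
}

MTU = 1500           # assumption: standard Ethernet MTU
HEADERS = 40         # assumption: IPv4 (20 B) + TCP (20 B), no options
MSS = MTU - HEADERS  # payload bytes available per segment

def segments(nbytes):
    """Minimum number of full-size TCP segments needed to carry nbytes."""
    return math.ceil(nbytes / MSS)

def client_key_share(kems):
    """Public-key bytes the client sends; list several KEMs for a hybrid share."""
    return sum(SIZES[k][0] for k in kems)

def server_key_share(kems):
    """Ciphertext (or peer share) bytes the server returns for the same KEMs."""
    return sum(SIZES[k][1] for k in kems)

def auth_bytes(chain):
    """Lower bound on authentication bytes in the handshake.
    chain: list of (subject_key_alg, issuer_sig_alg), leaf first, root omitted.
    Each certificate carries the subject key plus the issuer's signature;
    the leaf key also signs the handshake once."""
    certs = sum(SIZES[subj][0] + SIZES[issuer][1] for subj, issuer in chain)
    return certs + SIZES[chain[0][0]][1]

# Constructed chains for illustration: leaf + one intermediate.
CLASSICAL = [("ECDSA P-256", "ECDSA P-256"), ("ECDSA P-256", "ECDSA P-256")]
PQC = [("ML-DSA-87", "ML-DSA-87"), ("ML-DSA-87", "SLH-DSA-128s")]

if __name__ == "__main__":
    for name, chain in (("classical", CLASSICAL), ("pqc", PQC)):
        n = auth_bytes(chain)
        print(f"{name}: {n} B keys+signatures, at least {segments(n)} segment(s)")
    for kems in (["ECDH P-256", "ML-KEM-768"], ["ML-KEM-1024"]):
        n = client_key_share(kems)
        print(f"client share {kems}: {n} B, at least {segments(n)} segment(s)")
```

Under these assumptions an ML-KEM-1024 key share alone no longer fits in a single segment, and the constructed PQC chain needs at least 16 segments where the classical one fits in one.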

STAGE 02 / THE TIMELINES

CNSA 2.0 and the 2027 inflection.

January 2027 is the procurement signal everyone is tracking.
Procurement preferred: Jan 2027
Key establishment disallowed: 2030
Signatures disallowed: 2031

The phased timeline tracked by the procurement and engineering community is CNSA 2.0's. Even organizations not bound by it as a federal mandate use it as the de facto vendor roadmap because that is what vendor product managers are scheduling against.

| Milestone | Window | Scope |
|---|---|---|
| PQC products widely available | Jan 2026 | Network equipment, browsers, TLS stacks |
| PQC preferred (CNSA 2.0) | Jan 2027 | All new NSS / critical-infrastructure acquisitions |
| Classical key establishment disallowed | 2030 | All NSS |
| Classical signatures disallowed | 2031 | All NSS |
| Full NIST deprecation horizon | 2035 | All FIPS-governed systems |

The companion policy stack: NSM-10 (May 2022) sets the 2035 horizon and directs federal PQC migration. OMB M-23-02 requires annual federal-agency inventory of quantum-vulnerable systems through 2035. The Quantum Computing Cybersecurity Preparedness Act (QCCPA, December 2022) gives statutory authority to OMB's mandates. Private-sector regulated industries should expect sector regulators to mirror these requirements within a one-to-three-year lag — financial services, healthcare, and critical infrastructure first.

STAGE 03 / THE SIGNALS

What's moving. What to track.

The monthly-review surface.
CISA categories: Issued Jan 2026
NIST IR 8547: Initial public draft

Five signal sources warrant active monitoring. They move on different cadences; treat the monthly review as a chance to scan each one rather than wait for any single source to push.

Active signals to monitor

  • CISA Product Categories. January 2026 baseline list of PQC-capable categories. Expect periodic additions and minor revisions. The list is the procurement-side reference.
  • NIST IR 8547. The transition-timeline document. In initial public draft as of November 2024. Finalization will sharpen the deprecation calendar.
  • NSA CNSA 2.0 FAQ. Active FAQ thread covering hybrid acceptance, parameter mandates, exemption posture. Watch the NIST PQC-Forum mailing list for revisions.
  • Vendor GA cadence. Cisco, Palo Alto, Microsoft, AWS, Google, Apple are each releasing PQC support across product families on independent schedules. AWS KMS, Azure Key Vault, GCP Cloud KMS each expose hybrid TLS and PQC primitives unevenly across services.
  • Cryptanalytic research compression. Periodic academic papers (recent Google / Caltech work as case study) revise the resource estimate for breaking RSA. None has shifted the operational planning calendar so far, but the trend is toward lower resource requirements.

Maintenance posture for this page

  • Cadence. Monthly review of the timeline table and signals list.
  • Triggers for an off-cycle revision. Any of: CISA category-list update, NIST IR 8547 finalization, NSA CNSA 2.0 FAQ revision, major-vendor PQC GA announcement, documented CRQC capability milestone.
  • Versioning. Stamp the "Last reviewed" date and the page version on every revision. Tag content changes that affect a primary recommendation (date, parameter, deadline) in the page change log.

Quantum · Standards & Timelines v0.2.0 · Last reviewed 2026-05-18 · © 2026 Deretti Cyber Labs · CC BY 4.0 · Monthly review cadence