NIST, NCCoE, NSA - US

Timeline

  timeline
    by 2027, January 1st    : all new acquisitions for NSS will be required to be CNSA 2.0 compliant
    by December 31, 2030    : all equipment and services that cannot support CNSA 2.0 must be phased out
    after 2030              : Deprecated - ECDSA and RSA for security strength equivalent to 112 bits.
    by December 31, 2031    : CNSA 2.0 algorithms are mandated for use unless otherwise noted.
    after 2035              : Disallowed - ECDSA, EdDSA and RSA for any key length.

Sources

NIST Post-Quantum Cryptography Project

NIST IR 8547 Transition to Post-Quantum Cryptography Standards

NCCoE quantum readiness factsheet

NSA The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ