Post Quantum Cybersecurity Standards Act
Summary
What This Bill Does
The Post Quantum Cybersecurity Standards Act prepares critical systems for quantum-computing threats to current encryption. It adds definitions for critical infrastructure, post-quantum cryptography, and sector risk management agencies to the National Quantum Initiative Act. It directs the National Institute of Standards and Technology, in consultation with the Secretary of Homeland Security and sector risk management agencies, to promote voluntary adoption and deployment of post-quantum cryptography standards. NIST must make guidance and resources publicly available, provide technical assistance where practicable to high-risk entities such as critical infrastructure and digital infrastructure providers, and take other steps needed to promote deployment across the United States. After NIST issues standards and subject to appropriations, the Director may create a grant program to help high-risk entities adopt post-quantum cryptography and remediate quantum-related vulnerabilities. The bill also adds post-quantum cryptography to cybersecurity research under the Cyber Security Research and Development Act.
Who Benefits and How
Critical infrastructure operators benefit from NIST guidance, technical assistance, and potential grant funding for post-quantum migration. Digital infrastructure providers benefit from help remediating quantum-related vulnerabilities before cryptographically relevant quantum computers become practical. Post-quantum cybersecurity vendors benefit from clearer Federal demand for standards, tools, and implementation services. National Science Foundation research grantees benefit because post-quantum cryptography is added to cybersecurity research authority. The Cybersecurity and Infrastructure Security Agency benefits from a formal consultation role in grant guidance and deployment support.
Who Bears the Burden and How
The National Institute of Standards and Technology must publish guidance, provide technical assistance, and potentially administer a grant program. CISA and sector risk management agencies must consult on program guidance and coordinate with high-risk sectors. Critical infrastructure operators receiving grants must apply for funding, disclose required information, and spend funds on standards adoption or vulnerability remediation. Federal taxpayers bear the cost of any appropriated grant funding. Organizations with legacy cryptography bear migration costs even when adoption is voluntary.
Key Provisions
- Adds definitions for critical infrastructure, post-quantum cryptography, and sector risk management agency.
- Directs NIST to promote voluntary adoption and deployment of post-quantum cryptography standards.
- Requires public guidance, resources, and practicable technical assistance for high-risk entities.
- Authorizes a NIST grant program for adoption of post-quantum standards and remediation of quantum-related vulnerabilities.
- Requires consultation with CISA, sector risk management agencies, and private-sector representatives on grant guidance.
- Adds post-quantum cryptography to cybersecurity research authority.
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.
At a Glance
What This Bill Does
Adds post-quantum cryptography definitions and deployment duties to the National Quantum Initiative Act, directs NIST to promote voluntary adoption of post-quantum standards with Homeland Security and sector risk-management agencies, authorizes technical assistance grants for high-risk entities, and adds post-quantum cryptography to cybersecurity research.
Key Policy Areas
Cybersecurity, Quantum Technology, Critical Infrastructure, Federal Grants
Primary Purpose
Adds post-quantum cryptography definitions and deployment duties to the National Quantum Initiative Act, directs NIST to promote voluntary adoption of post-quantum standards with Homeland Security and sector risk-management agencies, authorizes technical assistance grants for high-risk entities, and adds post-quantum cryptography to cybersecurity research.
Policy Domains
House resolution provisions
Identified Gains
- Critical infrastructure operators
- Digital infrastructure providers
- Post-quantum cybersecurity vendors
- National Science Foundation research grantees
- Cybersecurity and Infrastructure Security Agency
Identified Costs
- National Institute of Standards and Technology
- CISA coordination offices
- Sector risk management agencies
- Critical infrastructure grant recipients
- Federal taxpayers
Sponsors
Legislative Progress
ReportedOrdered to be Reported by the Yeas and Nays: 35 …
Committee Consideration and Mark-up Session Held
Ms. Stevens (for herself and Ms. Tenney) introduced the following …
Referred to the House Committee on Science, Space, and Technology.
Introduced in House
Stakeholder Effects
cui bono?How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.
Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, Sector risk management agencies
Digital infrastructure providers, Post-quantum cybersecurity vendors
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "cisa"
- → Cybersecurity and Infrastructure Security Agency
- "nist"
- → National Institute of Standards and Technology
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology