Sign in Subscribe

compliance

Framework-specific PQC guidance mapping quantum-resistant requirements to HIPAA, SOX, PCI DSS 12.3.3, DORA, NIS2, FedRAMP, and FIPS 140-3.

DORA and NIS2: The PQC Compliance Obligations EU Financial Institutions Cannot Ignore in 2026

DORA and NIS2: The PQC Compliance Obligations EU Financial Institutions Cannot Ignore in 2026

When the European Banking Authority reviews your ICT risk management framework this year, auditors will not ask whether you have a plan to address quantum cryptographic risk. They will ask for your cryptographic inventory, your standards alignment documentation, and your evidence of cryptographic agility - because DORA's Implementing

PQC and PCI DSS 12.3.3: Mapping Quantum-Resistant Requirements for Payment Systems

PQC and PCI DSS 12.3.3: Mapping Quantum-Resistant Requirements for Payment Systems

The March 31, 2025 enforcement deadline for PCI DSS 4.0 Requirement 12.3.3 has passed - and if your organization hasn't already produced a documented cryptographic inventory, assigned monitoring ownership, and formalized a response strategy for vulnerable ciphers, you are already behind on an active audit

PQC and SOX Compliance: What Public Companies Must Prepare For in 2026

PQC and SOX Compliance: What Public Companies Must Prepare For in 2026

TLS 1.0 was never explicitly listed in SOX. Neither was SHA-1. But ask any public company compliance officer who lived through the 2015–2018 deprecation cycle, and they will tell you exactly how fast "industry best practice" becomes an auditor's control deficiency. Post-quantum cryptography is

PQC and HIPAA: What Healthcare Compliance Officers Must Do Before the Security Rule Rewrites the Rules

PQC and HIPAA: What Healthcare Compliance Officers Must Do Before the Security Rule Rewrites the Rules

You are already behind on one encryption overhaul. The proposed HIPAA Security Rule rewrite will convert previously "addressable" ePHI encryption safeguards into hard requirements — and the target finalization date is May 2026.[Federal Register, HIPAA Security Rule NPRM, 2024] If your organization is rebuilding cryptographic controls to meet

FedRAMP and PQC: How to Manage Cryptographic Migration Inside FedRAMP's POA&M Framework

FedRAMP and PQC: How to Manage Cryptographic Migration Inside FedRAMP's POA&M Framework

Your FedRAMP authorization is under pressure from two directions at once. RFC-0026 has not been released or finalized; current FedRAMP RFCs are numbered 0019-0024 as of January 2026, with no RFC-0026 documented.[Government Contracts Legal Forum] Simultaneously, NIST finalized FIPS 203, 204, and 205 in August 2024, giving federal agencies

FIPS 140-3 and PQC: Why No Validated Module Exists Yet and What Compliance Teams Must Do Now

FIPS 140-3 and PQC: Why No Validated Module Exists Yet and What Compliance Teams Must Do Now

Your auditor is going to ask a simple question: does your organization use FIPS 140-3 validated cryptographic modules that support post-quantum algorithms? As of Q1 2026, the honest answer for every organization on earth is no — because no such validated module exists. Zero. Not a single entry on the NIST

Federal PQC Migration Deadlines: What Agencies Actually Face in 2026 and Beyond

Federal PQC Migration Deadlines: What Agencies Actually Face in 2026 and Beyond

Federal PQC Migration Deadlines: What Agencies Actually Face in 2026 and Beyond If your agency is searching for the "2026 federal PQC deadline," here is the most important thing you can read today: no single, universal migration deadline exists for that year. But that correction carries a warning.