NIST CSWP 39
Cryptographic Agility Guide
NIST CSWP 39 is the definitive framework for achieving cryptographic agility - the capability to replace and adapt cryptographic algorithms for post-quantum readiness.
This guide covers implementation strategies, CAMM maturity tiers, and CNSA 2.0 compliance timelines.
First findings in 72 hours
New systems must be post-quantum compliant by January 1, 2027
Migration Reality: Enterprise PQC migration takes 5-15 years. Starting in 2026 means completion between 2031 and 2041. Late starts exponentially raise cost and risk.
CNSA 2.0 requires new systems to be PQC compliant (Source: NSA CNSA 2.0)
CVSS 7.0+ vulnerabilities identified (Source: Qryptonic 2023-2026)
Rapid visibility without operational disruption
PQC migration is a fraction of this (Source: IBM Security 2024)
What is NIST CSWP 39?
A practical framework that tells organizations exactly what 'quantum-ready' means - and how to prove it.
In Plain English
NIST CSWP 39 (Cybersecurity White Paper 39), titled “Considerations for Achieving Cryptographic Agility,” was published by NIST in December 2025. It is the definitive U.S. government framework for organizations to achieve cryptographic agility.
Unlike previous guidance that focused solely on algorithms, CSWP 39 asks:
- Can you find all your encryption?
- Can you prioritize what to fix first?
- Can you measure your progress?
- Can you swap algorithms when needed?
- Can you prove all this to auditors?
What CSWP 39 Changes
Algorithms will evolve. Your systems must too.
Executive accountability is now explicit.
Discovery alone is not maturity.
Claims without proof do not count.
Harvest Now, Decrypt Later
Understanding the threat that makes this urgent - even before quantum computers arrive.
Harvest
Adversaries intercept and collect your encrypted data today
Think of it like someone photocopying your locked safe. They cannot open it yet, but they have an exact copy.
Store
Encrypted data is archived, waiting for future capabilities
That copied safe sits in their warehouse. Storage is cheap. Time is on their side.
Decrypt
When quantum computing matures, stored data is decrypted
Once they have a quantum "master key," every copied safe opens instantly. Your 2024 secrets become 2030 headlines.
Post-Quantum Cryptography Timeline
Key deadlines are closer than they appear. Migration takes time you may not have.
- Jan 2027 (Urgent): CNSA 2.0 New Systems. All new deployments must be post-quantum compliant
- ~2029 (Urgent): Q-Day Risk Window. 5-14% probability of cryptographically relevant quantum computers
- Dec 2030: NSS Full Migration. National Security Systems completely migrated
- Jan 2031: NIST Algorithm Deprecation. 112-bit security public-key schemes disallowed
Migration Timeline Reality
Assessment + Planning + Migration = 12-18 months minimum. Late starts compress timelines and exponentially raise cost and operational risk. Organizations starting now preserve options and control.
Required Capabilities
CSWP 39 defines six capabilities organizations must demonstrate. Here is what they mean in practice.
Automated Discovery
Know where all your encryption lives
You cannot protect what you cannot find. Manual audits miss 40-60% of cryptographic assets.
Risk-Based Prioritization
Fix the most dangerous gaps first
Not all encryption is equal. Customer data in databases matters more than internal wiki encryption.
Continuous Measurement
Track progress, catch drift
Cryptographic posture changes every time you deploy code or update a library.
Agility Testing
Prove you can swap algorithms quickly
If a flaw is found in ML-KEM tomorrow, can you switch to an alternative in weeks, not years?
Executive Reporting
Board-ready metrics and KPIs
CSWP 39 explicitly requires executive accountability. Your board will ask. Regulators will audit.
Machine-Readable Policies
Automation-friendly configurations
Manual policy enforcement does not scale. You need programmatic guardrails.
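The three capabilities above that lend themselves to code are Automated Discovery, Risk-Based Prioritization and Machine-Readable Policies. The following is an added example, not code from NIST CSWP 39 or from Qryptonic: a regex discovery pass over constructed configuration lines, a constructed JSON policy, and a remediation list ranked by a simple HNDL-exposure rule. The policy schema, the patterns, the sample lines, the sensitivity weights and the scoring rule are all assumptions for illustration; CSWP 39 prescribes none of them.

```python
"""Added example, not from NIST CSWP 39 or Qryptonic: a regex discovery pass
over constructed configuration lines, a constructed machine-readable policy,
and a risk-ranked remediation list derived from the two. The policy schema,
the patterns, the sample lines and the scoring rule are all assumptions for
illustration; CSWP 39 prescribes none of them."""
import json
import re
from dataclasses import dataclass

# Hypothetical policy document that an automated guardrail could consume.
# Algorithm names are plain labels; the lists and weights are constructed.
POLICY_JSON = """
{
  "quantum_vulnerable": ["RSA", "ECDH", "ECDSA", "DH"],
  "approved_kem": ["ML-KEM-768", "ML-KEM-1024"],
  "approved_symmetric": ["AES-256"],
  "sensitivity_weight": {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
}
"""

# Algorithm families the scanner recognises in config text (constructed list;
# a real inventory tool would also cover binaries, certificates and libraries).
ALGORITHM_PATTERNS = [
    ("ML-KEM-768", re.compile(r"ML-KEM-768", re.I)),
    ("ML-KEM-1024", re.compile(r"ML-KEM-1024", re.I)),
    ("ECDSA", re.compile(r"ECDSA", re.I)),
    ("ECDH", re.compile(r"ECDHE?", re.I)),
    ("RSA", re.compile(r"RSA", re.I)),
    ("DH", re.compile(r"modp\d+|\bDH\b", re.I)),
    ("AES-128", re.compile(r"AES-?128", re.I)),
    ("AES-256", re.compile(r"AES-?256", re.I)),
]


@dataclass(frozen=True)
class Asset:
    location: str         # file or system where the algorithm was found
    algorithm: str        # family label from ALGORITHM_PATTERNS
    sensitivity: str      # classification of the data it protects
    retention_years: int  # how long that data must stay confidential


# Constructed discovery input: (location, config text, sensitivity, retention).
SAMPLE_CONFIG = [
    ("payments-db/tls.conf", "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;", "restricted", 10),
    ("vpn/gateway.conf", "ike=aes256-sha256-modp2048", "confidential", 7),
    ("wiki/internal.conf", "ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384;", "internal", 1),
    ("pilot/pqc.conf", "kem: ML-KEM-768", "confidential", 7),
]


def load_policy(text: str) -> dict:
    return json.loads(text)


def discover(config) -> list:
    """Discovery pass: one Asset per algorithm family found at each location."""
    found = []
    for location, text, sensitivity, retention in config:
        for name, pattern in ALGORITHM_PATTERNS:
            if pattern.search(text):
                found.append(Asset(location, name, sensitivity, retention))
    return found


def is_quantum_exposed(asset: Asset, policy: dict) -> bool:
    """Public-key families on the policy's vulnerable list are HNDL-exposed."""
    return asset.algorithm in policy["quantum_vulnerable"]


def is_policy_violation(asset: Asset, policy: dict) -> bool:
    """Anything quantum-exposed, or absent from every approved list, violates policy."""
    approved = set(policy["approved_kem"]) | set(policy["approved_symmetric"])
    return is_quantum_exposed(asset, policy) or asset.algorithm not in approved


def hndl_score(asset: Asset, policy: dict) -> int:
    """Constructed ranking rule: sensitivity weight times the years the data must
    stay secret, counted only for quantum-exposed assets. A symmetric policy gap
    (AES-128 here) is still a violation but gets no HNDL weight in this rule."""
    if not is_quantum_exposed(asset, policy):
        return 0
    return policy["sensitivity_weight"][asset.sensitivity] * asset.retention_years


def prioritize(assets, policy: dict) -> list:
    """Policy violations ranked by HNDL score, highest first (the stable sort
    keeps discovery order among ties)."""
    violations = [a for a in assets if is_policy_violation(a, policy)]
    return sorted(violations, key=lambda a: hndl_score(a, policy), reverse=True)


if __name__ == "__main__":
    pol = load_policy(POLICY_JSON)
    for a in prioritize(discover(SAMPLE_CONFIG), pol):
        print(f"{hndl_score(a, pol):3d}  {a.algorithm:<12} {a.location}")
```

Run as a script, the payments database's ECDHE and RSA usage ranks first (restricted data retained for ten years), the VPN's classic Diffie-Hellman group next, the short-lived wiki TLS entries near the bottom, and the AES-128 cipher on the payments host is listed as a policy gap with no HNDL weight; the ML-KEM-768 pilot and the AES-256 entries produce no finding at all.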
Crypto Agility Maturity Model (CAMM)
NIST's four-tier framework for assessing organizational readiness. Tier 3 is the minimum for demonstrable compliance.
Tier 1: Reactive
- No formal ownership
- Ad-hoc awareness
- No inventory
Tier 2: Managed
- CISO awareness
- Partial inventory
- Some documentation
Tier 3: Standardized
- Automated discovery
- Continuous monitoring
- Executive KPIs
Tier 4: Adaptive
- Continuous optimization
- Proven agility
- Integrated ERM
Industries at Highest Quantum Risk
Organizations with long data retention requirements face the greatest exposure from HNDL attacks.
Financial Services (Critical)
At-risk data: Transaction records, PII, trading algorithms
OCC/FFIEC inventory required 2025
Healthcare & Life Sciences (Critical)
At-risk data: PHI, clinical trials, research IP
10+ year retention creates maximum HNDL exposure
Federal & Defense (Mandated)
At-risk data: Classified data, NSS systems
CNSA 2.0 deadline 2027, full migration 2030
Technology & Manufacturing (High)
At-risk data: Trade secrets, source code, product roadmaps
Competitive value extends 5-10 years
Our Approach to CSWP 39 Compliance
A structured path from uncertainty to compliance, with clear outcomes at every stage.
Q-Scout
7-Day Readiness Review
- Enterprise-wide cryptographic inventory
- First findings in 72 hours
- Zero-downtime methodology
Q-Solve
Migration Planning
- Dependency and impact analysis
- Risk-based prioritization
- Audit-ready documentation
Q-Strike
Adversarial Validation
- Real quantum hardware testing
- Machine learning-accelerated discovery
- Exploit proof-of-concepts
NIST CSWP 39 Frequently Asked Questions
Expert answers to common questions about cryptographic agility and PQC migration.
It is a framework that tells organizations how to prepare for quantum computers breaking current encryption. Think of it as a maturity checklist: Can you find all your encryption? Can you measure your progress? Can you prove readiness to regulators? CSWP 39 defines four levels of readiness, from "we have not started" to "we can adapt to new threats automatically."
The first hard deadline is January 1, 2027 for new system deployments (CNSA 2.0). But here is the catch: assessment, planning, and migration take 12-18 months minimum. If you start in late 2026, you will miss it. Organizations starting now have budget flexibility and avoid the vendor crunch.
Adversaries are recording encrypted data today, betting they can decrypt it when quantum computers mature. If your data needs to stay secret for 5+ years (M&A records, healthcare data, trade secrets), it is already at risk. The theft happened. The breach just has not been disclosed yet.
It is the ability to swap encryption algorithms without rewriting your applications. Think of it like USB: you do not care what brand of flash drive you plug in because the interface is standardized. Crypto-agile systems can switch from one algorithm to another when threats evolve.
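The USB analogy in this answer, and the Agility Testing capability above ("can you switch to an alternative in weeks?"), both describe one design pattern: callers depend on a single interface, every protected object carries an algorithm identifier, and a policy decides which identifiers are active and which are still accepted. The following is an added example, not code from NIST, Qryptonic or any library, that shows the pattern in working form. It assumes HMAC over two different hash functions as a stand-in for the signature primitive (ML-DSA is not in the Python standard library), and the identifiers, registry, envelope layout and policy object are all constructed.

```python
"""Added example, not from NIST CSWP 39, Qryptonic or any library: an
algorithm-agnostic integrity envelope that shows the crypto-agility pattern
in code. Callers use one interface; every protected object carries an
algorithm identifier; a policy change activates a replacement and retires
the old algorithm without touching application code.

Assumptions: HMAC over two different hash functions stands in for the
signature primitive (ML-DSA is not in the Python standard library), and the
identifiers, registry, envelope layout and policy are constructed."""
import hashlib
import hmac
from typing import Callable, Dict, Optional, Set

# Registry: algorithm identifier -> tag function. A new algorithm is a new
# registry entry, not a change to any caller.
ALGORITHMS: Dict[str, Callable[[bytes, bytes], bytes]] = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}


class AgilePolicy:
    """Which algorithm new objects use (active) and which ids may still be
    verified (accepted). A two-phase swap keeps old data readable during the
    transition and then retires the old id."""

    def __init__(self, active: str, accepted: Set[str]):
        if active not in accepted or active not in ALGORITHMS:
            raise ValueError("active algorithm must be registered and accepted")
        self.active = active
        self.accepted = set(accepted)

    def activate(self, alg_id: str) -> None:
        """Phase 1: new objects use alg_id; older ids stay verify-only."""
        if alg_id not in ALGORITHMS:
            raise KeyError(f"unknown algorithm {alg_id!r}")
        self.accepted.add(alg_id)
        self.active = alg_id

    def retire(self, alg_id: str) -> None:
        """Phase 2: objects under alg_id are no longer trusted at all."""
        if alg_id == self.active:
            raise ValueError("activate a replacement before retiring the active id")
        self.accepted.discard(alg_id)


def protect(policy: AgilePolicy, key: bytes, message: bytes) -> bytes:
    """Envelope layout (constructed): alg_id, NUL, one-byte tag length, tag, message."""
    alg = policy.active
    tag = ALGORITHMS[alg](key, message)
    return alg.encode("ascii") + b"\x00" + bytes([len(tag)]) + tag + message


def verify(policy: AgilePolicy, key: bytes, envelope: bytes) -> Optional[bytes]:
    """Return the message if the envelope's algorithm is accepted and its tag
    matches; None otherwise. Dispatch is on the embedded identifier, so
    envelopes produced before a swap still verify until their id is retired."""
    alg_bytes, sep, rest = envelope.partition(b"\x00")
    alg = alg_bytes.decode("ascii", errors="replace")
    if not sep or not rest or alg not in policy.accepted or alg not in ALGORITHMS:
        return None
    tag_len = rest[0]
    tag, message = rest[1:1 + tag_len], rest[1 + tag_len:]
    expected = ALGORITHMS[alg](key, message)
    if len(tag) != tag_len or not hmac.compare_digest(tag, expected):
        return None
    return message


def agility_drill(key: bytes) -> dict:
    """The check an 'agility test' exercises: data protected under the old
    algorithm, a swap to the replacement, and the old id retired afterwards."""
    policy = AgilePolicy(active="hmac-sha256", accepted={"hmac-sha256"})
    old_env = protect(policy, key, b"order 42: ship 10 units")

    policy.activate("hmac-sha3-256")                  # phase 1: swap production
    new_env = protect(policy, key, b"order 43: ship 5 units")
    during = verify(policy, key, old_env) == b"order 42: ship 10 units"

    policy.retire("hmac-sha256")                      # phase 2: stop trusting old
    return {
        "old_verified_during_transition": during,
        "new_uses_replacement": new_env.startswith(b"hmac-sha3-256\x00"),
        "new_verifies": verify(policy, key, new_env) == b"order 43: ship 5 units",
        "old_rejected_after_retirement": verify(policy, key, old_env) is None,
    }


if __name__ == "__main__":
    print(agility_drill(b"constructed-demo-key"))
```

The point of the drill is what an agility test measures: the application code that calls `protect` and `verify` is unchanged across the swap, the switch is a policy operation, and the two phases let existing protected data remain readable while the replacement is rolled out and then cut off the old algorithm cleanly.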
CAMM is NIST's four-tier framework: Tier 1 (Reactive) has ad-hoc management, Tier 2 (Managed) has documented processes, Tier 3 (Standardized) has automated discovery and monitoring, Tier 4 (Adaptive) has continuous improvement. Most organizations need to reach Tier 3 minimum for compliance.
ML-KEM (FIPS 203) is the NIST-standardized post-quantum algorithm for key exchange, replacing RSA and ECDH. ML-DSA (FIPS 204) is for digital signatures, replacing RSA and ECDSA signatures. These lattice-based algorithms are the foundation of post-quantum cryptography (PQC).
Research indicates: small enterprises take 5-7 years, medium enterprises 8-12 years, large enterprises 12-15+ years. Starting migration in 2026 means completion between 2031 and 2041 for most organizations - potentially exceeding regulatory deadlines.
Q-Scout gives you a complete picture in 7 days, with first findings in 72 hours. A full migration roadmap takes about 8 weeks. Actual migration depends on your complexity, but most enterprises complete critical systems in 12-18 months.
For Q-Strike adversarial validation engagements: if we cannot demonstrate exploitable quantum vulnerabilities in your environment, we refund the engagement fee and pay you $2M. We have never had to pay it. Our methodology has identified 2,300+ critical findings.
NIST CSWP 39 proposes: (1) Strong Governance with executive sponsorship, (2) Asset Inventory with automated discovery, (3) Automation for continuous monitoring and remediation, (4) Risk-Based Prioritization focusing on highest-risk systems.
Ready to Achieve Cryptographic Agility?
Late starts compress timelines and exponentially raise cost and operational risk. Start your NIST CSWP 39 implementation journey with a 30-minute scoping call.
About the Author
Qryptonic Security Research
Our research team includes former CISA and CIA leadership with decades of national security operational experience. Qryptonic has identified over 2,300 critical cryptographic vulnerabilities across Fortune 500 client engagements and maintains active research partnerships with leading quantum computing platforms.