The Post-Quantum Cryptography Mandate: Building Cryptographically Agile Systems for the Quantum Era

By Rambus Inc.

June 23, 2026

The transition to post-quantum cryptography (PQC) has moved from research planning to operational execution. Federal policy, emerging procurement requirements, and evolving security standards are accelerating the adoption of quantum resistant cryptography across government and critical infrastructure systems.

Recent U.S. government actions, including Executive Order 14409, are accelerating the shift to quantum-resistant cryptography across federal systems and the broader technology supply chain. These mandates establish timelines for adopting PQC-based key establishment and digital signatures, pushing organizations to transition within the next decade.

At the same time, agencies such as CISA are guiding procurement decisions by identifying categories of products that must support post-quantum cryptographic standards, reinforcing that quantum-safe capabilities are becoming a baseline requirement for modern systems.

For semiconductor and system designers, this marks a fundamental shift: quantum-safe security must now be designed in from the start.

Government Direction is Accelerating PQC Adoption

Recent U.S. government actions, including Executive Order 14409, NIST post-quantum cryptography standards, CNSA 2.0 guidance, and broader federal cybersecurity initiatives, are accelerating the transition to quantum -resistant security architectures. What was once viewed as a long-term research effort is rapidly becoming an acquisition, compliance, and modernization priority across government programs.

The shift is particularly significant for defense, aerospace, and critical infrastructure systems, where platforms may remain operational for decades. Security architectures deployed today must ne capable of supporting future cryptographic transitions without requiring extensive hardware redesign or system replacement.

As agencies and industry partners develop post-quantum migration strategies, emphasis is increasingly being placed on cryptographic agility, secure device identity, hardware Root of Trust, and lifecycle security. These capabilities enable organizations to adopt standardized post-quantum algorithms while maintaining flexibility as requirements, threats, and standards continue to evolve.

The Quantum Threat: From Future Risk to Present Reality

The need for post-quantum cryptography is driven by a well-understood risk model. While large-scale quantum computers are not yet capable of breaking today’s encryption, adversaries can already intercept and store encrypted data for future decryption.

This “harvest now, decrypt later” scenario is accelerating adoption of quantum-safe cryptography across government and industry. Federal agencies are already inventorying cryptographic assets and planning migrations based on NIST-standardized PQC algorithms, with long-term plans to phase out quantum-vulnerable encryption methods.

The implication is clear: organizations that delay PQC adoption risk both future data exposure and near-term compliance gaps.

Why PQC Requires Cryptographic Agility

While some PQC algorithms can be deployed through software updates, long-term migration strategies require systems that can adapt as cryptographic standards, threats and requirements evolve.

Post-quantum cryptography introduces larger key sizes and increased computational demands, new algorithm classes (including lattice-based cryptography), changes to secure boot, firmware update, and device identity models, and perhaps most importantly, the need for crypto agility to adapt to evolving standards

These changes fundamentally impact silicon design. Security must now be

• Hardware-based, ensuring trusted execution at the silicon level
• Updatable, allowing PQC algorithms to evolve without redesign
• Certifiable, aligned with FIPS, SESIP, PSA, and government requirements

As a result, the shift to PQC is driving adoption of hardware Root of Trust architectures and cryptographic accelerators.

Explore Rambus IP:

• Fast Quantum Safe Engine for ML-KEM (CRYSTALS-Kyber) and ML-DSA (CRYSTALS-Dilithium)
• Fast Quantum Safe Engine for ML-KEM (CRYSTALS-Kyber) and ML-DSA (CRYSTALS-Dilithium) with DPA

Rambus Quantum-Safe Cryptography IP: A Full-Stack Solution

Rambus provides a comprehensive portfolio of Quantum Safe Cryptography IP designed to enable secure, scalable adoption of PQC across data center, AI, automotive, and edge applications.

Rambus addresses the full PQC stack with integrated solutions including:

• Software libraries for quantum-safe cryptographic algorithms and protocols
• Standalone hardware accelerators for PQC and classical public-key cryptography
• Crypto subsystems combining symmetric, asymmetric, and quantum-safe primitives
• Hardware Root of Trust IP for system-level security enforcement

This portfolio is aligned with NIST PQC standards and CNSA 2.0 requirements, ensuring readiness for emerging regulatory frameworks and recent government mandates.

CryptoManager Security IP: Enabling Crypto Agility and PQC Migration

At the core of Rambus’ offering is the CryptoManager Security IP platform, which provides a flexible architecture for integrating quantum-safe security into system-on-chip (SoC) designs.

Key capabilities include:

• Quantum-safe cryptographic acceleration, supporting both PQC and classical algorithms for hybrid deployments
• Crypto agility, enabling algorithm updates via firmware rather than silicon redesign
• Secure boot with quantum-safe protection, ensuring trusted system initialization
• Integrated Root of Trust functionality, anchoring device identity and lifecycle security
• Protection against physical attacks, including side-channel and fault injection attacks

This architecture allows organizations to deploy hybrid cryptographic solutions today while preparing for full post-quantum cryptography adoption in the future.

Rambus Root of Trust solutions already incorporate NIST-selected PQC algorithms, supporting practical migration strategies across infrastructure and embedded systems.

The shift to post-quantum cryptography is also closely tied to evolving compliance frameworks. Organizations must align with standards such as FIPS 140-3 (cryptographic module validation), SESIP and PSA (IoT and platform security) and ISO 26262 / ISO 21434 (automotive and safety-critical systems).  Rambus Security IP is designed to meet these requirements, helping customers accelerate time-to-certification while reducing integration complexity.

The combination of government mandates, standardized PQC algorithms, and increasing awareness of quantum threats marks a pivotal moment. In preparing for the post-quantum future, organizations should take immediate steps to assess exposure to quantum-vulnerable cryptography, begin adoption of PQC-capable architectures, and ensure new semiconductor and system designs are quantum-safe by design. Early adopters will not only meet regulatory timelines but also gain a competitive advantage in delivering future-proof security solutions.

Rambus: Enabling Quantum-Safe Innovation

Rambus combines deep expertise in cryptography with a forward-looking approach to post-quantum security:

• Proven silicon IP for secure system design
• Broad support for quantum-safe and hybrid cryptography
• Scalable architectures aligned with regulatory and industry standards

As the industry transitions to a quantum-safe future, Rambus enables customers to build systems that are secure, compliant, and resilient—designed to protect data and infrastructure for decades to come.