In January 2022, the Government Communications Security Bureau (GCSB) released version 3.5 of the New Zealand Information Security Manual (NZISM), the security guidance document used by all New Zealand government agencies. The update included a new section in Chapter 17 (Cryptography) on preparing for the impacts of quantum computing on encryption.
According to the National Cyber Security Centre (NCSC) release notes, the new section advises agencies to gather information about their cryptographically protected assets and start planning for migration to post-quantum cryptographic standards. Agencies are directed to maintain inventories of sensitive datasets with long confidentiality requirements, identify systems using public-key cryptography that are vulnerable to quantum attack, and develop migration plans for when approved post-quantum algorithms become available.
No post-quantum algorithms have yet been approved for NZISM use. The GCSB indicated it will adopt standards once they are published, with references drawing from U.S. National Institute of Standards and Technology (NIST) standards and Department of Homeland Security resources. Version 3.5 replaced the previous edition, NZISM v3.4, which had been released in September 2020.