In September 2022, the National Security Agency (NSA) released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), its first set of post-quantum cryptographic algorithm recommendations for National Security Systems (NSS). The advisory specified quantum-resistant replacements for legacy public-key algorithms including RSA, Diffie-Hellman, and elliptic curve cryptography.
CNSA 2.0 set a phased transition timeline: new NSS acquisitions must be CNSA 2.0 compliant by January 1, 2027, with full migration across all NSS targeted by 2033 to 2035. The NSA encouraged vendors to begin adopting NIST SP 800-208 hash-based signatures for software and firmware signing immediately. The advisory was issued pursuant to authorities in NSM-8, NSM-10, and CNSSP 15.