Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · S. 2558 (Introduced in Senate) — To require the Subcommittee on the Economic and Security Implications of Quantum Information Science to assess possib... · Sec. 3

Sec. 3. Strategy for Federal agency migration to post-quantum cryptography

589 words·~3 min read·/bill/119/s/2558/is/section-3

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 180 days after the date of the enactment of this Act, the Subcommittee on the Economic and Security Implications of Quantum Information Science, as established by section 105 of the National Quantum Initiative Act ( 15 U.S.C. 8814a ), in coordination with the Director of the National Institute of Standards and Technology and in consultation with the Quantum Economic Development Consortium, shall develop a National Quantum Cybersecurity Migration Strategy that includes the following:
A definition of a cryptographically relevant quantum computer. Recommended standards for Federal agencies to apply to determine whether a quantum computer meets such definition, including— the characteristics of such computers; and the particular point at which such computers are capable of attacking real world cryptographic systems that classical computers are unable to attack. An assessment of the urgency for migration to post-quantum cryptography for each Federal agency relative to— the critical functions of each agency; and the risk each agency faces should a cryptographically relevant quantum computer attack a system operated by the agency.
Performance measures for migration to post-quantum cryptography to be used by each Federal agency for each of the following 4 stages of migration: Preparation for migration to post-quantum cryptography. Establishment of a baseline understanding of the data inventory. Planning and execution of post-quantum cryptographic solutions, including ensuring that data at rest and in motion is subject to appropriate protections. Monitoring and evaluation of migration success and assessment of cryptographic security.
A plan for evaluating and monitoring entities that are at high risk of quantum cryptographic attacks, including entities determined to be providers of critical infrastructure. Not later than 180 days after the date of the enactment of this Act, the Subcommittee on the Economic and Security Implications of Quantum Information Science shall establish a post-quantum pilot program that requires each sector risk management agency to upgrade not less than one high-impact system to post-quantum cryptography not later than January 1, 2027.
Not later than 180 days after the date of the enactment of this Act, the Administrator of the Office of Electronic Government, in coordination with the Subcommittee on the Economic and Security Implications of Quantum Information Science, shall— survey the heads of Federal agencies for information relating to the cost of migration to post-quantum cryptography by the Federal agencies, including estimates for the personnel, equipment, and time needed to fully implement post-quantum cryptography, in alignment with the National Quantum Cybersecurity Migration Strategy developed pursuant to subsection (a); verify that the information provided under paragraph
(1)is realistic and fiscally sound; identify the funding and resources necessary for Federal agencies to carry out the migration to post-quantum cryptography; and advise on how Federal agencies should encourage the adoption of post-quantum cryptography by the private sector. Not later than 1 year after the date of the enactment of this Act, the Director of the Office of Management and Budget and the Subcommittee on the Economic and Security Implications of Quantum Information Science shall jointly submit to Congress a report detailing their findings with respect to the post-quantum migration assessments required under subsection (a)(3), the pilot program established pursuant to subsection (b), and the survey on associated costs of executing the migration required by subsection (c)(1). Not later than 1 year after the development of the National Quantum Cybersecurity Migration Strategy under subsection (a), and annually thereafter, the Comptroller General of the United States shall submit to Congress an assessment, using the performance measures described in subsection (a)(4), of the progress made by each Federal agency in migrating to post-quantum cryptography.
Connectionstraces to 1
Citation graph
cites case law
Sec. 3
Strategy for Federal agency migration to post-quantum cryptography
U.S.C.§ 8814a
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.