Compliance
CNSA 2.0 Timeline Explained: The NSA's Post-Quantum Deadlines (2025–2033)
CNSA 2.0 deadlines by category (2025–2033), the Jan 1 2027 NSS acquisition gate, ML-KEM/ML-DSA mapping, and the first step for gov and defense vendors.
CNSA 2.0 Timeline Explained: The NSA's Post Quantum Deadlines (2025–2033) If you sell software, hardware, or services into National Security Systems (NSS), the NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) is no longer a future concern — its earliest milestones already landed in 2025. CNSA 2.0 sets staggered deadlines, by system category, for adopting post quantum cryptography, and from January 1, 2027, new NSS acquisitions must support it. This is a clear, skimmable reference for those dates, what they mean, and the one thing every government contractor and defense supplier should do first. What CNSA 2.0 Is — and Who It Binds CNSA 2.0 is the NSA's mandate for the cryptography that protects National Security Systems against the threat of a future cryptographically relevant quantum computer (CRQC). It replaces today's RSA and elliptic curve based suites with post quantum algorithms on a fixed timeline. The distinction that matters for your business: CNSA 2.0 is mandatory for National Security Systems. If you build or supply products that handle NSS data, compliance is not optional — it is a procurement gate. For everyone else (commercial enterprises, non NSS government work, the broader supply chain), CNSA 2.0 is one of the strongest best practice signals available about where federal cryptography is heading and on what schedule. Defense primes increasingly flow these expectations down to subcontractors, so even if you don't touch NSS data directly, your customers may. The Algorithms: CNSA 2.0 Maps to the NIST Standards CNSA 2.0 does not invent new cryptography. It points to the algorithms NIST finalized on August 13, 2024: ML KEM (FIPS 203) — the key encapsulation mechanism formerly known as Kyber, used for key exchange and encryption. ML DSA (FIPS 204) — the digital signature algorithm formerly known as Dilithium, used for signing. In other words, when you read "support CNSA 2.0," that means migrating your key exchange to ML KEM/FIPS 203 and your signatures to ML DSA/FIPS 204. These are finalized, published federal standards — not drafts — which is why the NSA can attach hard dates to them. (NIST also finalized FIPS 205 / SLH DSA for hash based signatures, with additional algorithms such as FN DSA/Falcon and the backup KEM HQC still in progress as of 2026.) If you want the deeper background on each standard, see our explainer on the NIST PQC standards — FIPS 203, 204, and 205. The CNSA 2.0 Timeline, by System Category The NSA does not flip a single switch. Each category of system has two key dates: when products must support and prefer the new algorithms, and when those algorithms become exclusive (the only ones permitted). Here is the schedule. | System category | Support & prefer by | Exclusive by | | | | | | Software & firmware signing | 2025 | 2030 | | Web browsers, servers & cloud services | 2025 | 2033 | | Networking equipment (VPNs, routers) | 2026 | 2030 | | Operating systems | 2027 | 2033 | | Niche & constrained environments | 2030 | 2033 | A few things stand out when you read this as a vendor: Software and firmware signing is first. The "support and prefer" milestone was 2025, and exclusivity arrives in 2030 — the tightest window on the chart. If you ship signed code or firmware updates into NSS, this is your leading edge. Networking equipment is on a fast exclusivity track. VPNs and routers only need to prefer PQC by 2026, but they must be PQC exclusive by 2030 — the same end date as code signing, despite