No Result
View All Result
  • Login
Friday, July 17, 2026
theadvisertimes.com
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
No Result
View All Result
theadvisertimes.com
No Result
View All Result
Home Market Analysis

Use EO 14409 As A Canary For Enterprise PQC Migration And Procurement

by theadvisertimes.com
3 weeks ago
in Market Analysis
Reading Time: 4 mins read
A A
0
Use EO 14409 As A Canary For Enterprise PQC Migration And Procurement
Share on FacebookShare on TwitterShare on LInkedIn


On June 22, 2026, the White House issued Executive Order 14409, “Securing the Nation Against Advanced Cryptographic Attacks.” While it has direct implications for federal agencies, there are parts that are worth paying attention to for enterprise security and risk leaders. Here’s what’s worth your attention, whether or not you hold a federal contract.

You Now Have A Clear Operating Assumption With An Accelerated Timeline

The order opens with “harvest now, decrypt later” as its rationale: adversaries collecting encrypted sensitive data today to decrypt it once large-scale quantum computers exist. It commits the US government to migrating to NIST’s PQC standards by end of 2030 for key establishment and by end of 2031 for digital signatures for high value assets and high impact systems. This is a notable departure from the previous target of 2035 across Federal systems overall.

What this means: The “should we start now” debate is settled for any organization sitting on data with a long confidentiality shelf life. The order generates greater urgency surrounding this risk. Data exfiltrated today is exposed the day a cryptographically relevant quantum computer arrives (Q-Day!) — and you don’t control when that is. Determine the shelf life of your sensitive data. What holds longer term value is specific to your organization, from source code, health and biometric records, authentication credentials, to trade secrets. Identify where long-lived sensitive data intersects with vulnerable public-key cryptography, external exposure, and third-party dependencies.

The FAR Rule Has Takeaways For Non-Contractors Too

Section 6 directs the Federal Acquisition Regulatory (FAR) Council to publish a proposed rule to amend the FAR, within 180 days, requiring covered contractors to comply by December 31, 2030, with NIST’s FIPS, including the PQC-compliant algorithms. This deadline is not unique: other governments internationally have mandated similar timelines for PQC migration.

What this means: Even if you do not sell to the federal government, you should treat 2030 (for key establishment) and 2031 (for digital signatures) as the de facto benchmark for your own security program. Named deadlines for PQC migration from governments will influence regulatory and sector-specific deadlines, as well as third-party partner requirements and technology vendor roadmaps. If you sell to the federal government, PQC becomes a contract term with a date attached. The proposed rule — not the final rule — is the thing to watch, because that’s where scope and definitions get set. File your comments while they still count.

Cryptographic Bill of Materials (CBOMs) Will Be SBOM’s Sequel

Section 5 directs CISA and NIST to publish, within 270 days, the minimum elements for a cryptographic bill of materials (CBOM) which is a structure designed to let you automatically assess the cryptographic assets inside a piece of hardware or software. This starts us down the path for a new vendor risk management and procurement requirement.

What this means: You can’t migrate what you can’t see, and most enterprises have no current inventory of where and how cryptography is used across their environment. The CBOM will help. Even more important to note: the SBOM made after the 2021 cybersecurity EO, went from being a niche artifact to a procurement expectation. If you sell hardware or software, stay tuned for the published elements to come so a CBOM is something you can produce for buyers. Today, we see open source solutions like CBOMkit from IBM Research leading CBOM creation. Your own third-party risk management processes must include revising SLAs and procurement agreements to ask vendors to disclose their own products’ CBOMs. CBOMs for legacy hardware will likely be unobtainable and will either require a waiver or hardware replacement or firmware upgrade.

Your Vulnerability Disclosure Now Covers Weak Cryptography

Section 6 also directs the FAR Council to propose, within 270 days, rules requiring covered contractors’ vulnerability disclosure programs to capture cryptographic vulnerabilities — explicitly including testing for the absence of encryption and the use of non-FIPS-approved algorithms.

What this means: “We didn’t encrypt that” and “we used a non-approved algorithm” move from being audit findings to being reportable vulnerability classes. Cryptographic hygiene is now a continuous vulnerability-management best practice rather than a periodic compliance check. If you run a VDP or a bug bounty, your scope, intake, and triage logic need to account for cryptographic findings and your remediation SLAs need a place to put them. This raises the bar for your security vendors in this area as well; begin to assess this as a part of your procurement due diligence going forward. These disclosures will likely extend to areas including IAM, CIAM, tokenization, data protection, unified messaging, and other domains.

Critical Infrastructure Gets a Partner, Not a Mandate — Yet

Section 5 directs every federal agency that serves as a Sector Risk Management Agency to work through CISA to help critical infrastructure owners and operators build their PQC migration plans.

What this means: If you are a security leader for a utility, hospital system, bank, pipeline, wastewater system, or any other critical infrastructure operator, take note. Your sector agency and CISA are now tasked with assisting you in developing your PQC migration plans. Watch to see if any assistance in the form of “voluntary” sector guidance comes through, which may eventually turn into a baseline that regulators and insurers later expect. Engage early so you have greater input into shaping your migration plan. Start with identifying and prioritizing critical and high-consequence functions: remote access into OT environments, identity and certificate infrastructure, encrypted data flows between operators and third parties, firmware and software signing, backup and recovery systems, and communications tied to incident response or safety operations.

Assemble Your Team For PQC Migration

The federal government is treating PQC as an execution program, not a standards update. Enterprises should do the same. The hardest parts will be ownership, sequencing, validation, and dependency management. Cryptographic discovery and inventory will be uncomfortable for many organizations because cryptography is often embedded in products, protocols, libraries, APIs, certificates, HSMs, identity systems, and vendor-managed services that security teams do not fully own. Including more PQC questions in RFPs and contract renewals, third-party risk reviews, cyber insurance discussions, and board-level risk conversations also requires coordination with other internal stakeholders.

 

Ensure that stakeholders recognize that timelines can change. We’ve seen deadlines become progressively more aggressive in the last 18 months and teams must be prepared for the idea that that could continue. Forrester clients can check out the full initiative blueprint to help drive their quantum security migration, or schedule a guidance session or inquiry with us.



Source link

Tags: CanaryEnterprisemigrationPQCprocurement
ShareTweetShare
Previous Post

New Executive Order Makes PQC Migration A Multiyear Operational Program For Federal Security Leaders

Next Post

Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement

Related Posts

How to Look Strategic as a Channel Chief in 2026

How to Look Strategic as a Channel Chief in 2026

by theadvisertimes.com
July 16, 2026
0

Why does the C-suite view some channel leaders as indispensable architects of growth while others are seen as mere administrators...

How AI Impacts The Customer Service Job Market

How AI Impacts The Customer Service Job Market

by theadvisertimes.com
July 16, 2026
0

We know that companies right now are heavily investing in customer service technologies with embedded AI capabilities. Companies are using...

Meet Rick Geneva: Principal Analyst For Cloud-Native Development

Meet Rick Geneva: Principal Analyst For Cloud-Native Development

by theadvisertimes.com
July 16, 2026
0

After three decades in IT, I’m now watching the fifth major innovation cycle of my career: I’ve seen PC networking,...

Europe Builds The Blueprint For Social Platform Accountability

Europe Builds The Blueprint For Social Platform Accountability

by theadvisertimes.com
July 16, 2026
0

Following the UK’s move to tighten protections for minors online, the European Union is now considering its own youth social...

E-Waste Management Market Outlook: Opportunities and Emerging Trends

E-Waste Management Market Outlook: Opportunities and Emerging Trends

by theadvisertimes.com
July 16, 2026
0

The E-Waste Management Market is expanding steadily as governments, manufacturers, and consumers prioritize responsible disposal of electronic products. Rising volumes...

Feeling in Control of Your Channel Budget: A 2026 Strategic Guide

Feeling in Control of Your Channel Budget: A 2026 Strategic Guide

by theadvisertimes.com
July 15, 2026
0

Did you know that poor data quality costs the average business $12.9 million every year in wasted spend and missed...

Next Post
Meta-Analysis: Using Tech May Cut Cognitive-Impairment Risk—Why Experts Say ‘Technological Reserve’ Matters

Meta-Analysis: Using Tech May Cut Cognitive-Impairment Risk—Why Experts Say ‘Technological Reserve’ Matters

Getting past the pilot: Why so many AI test projects have trouble scaling

Getting past the pilot: Why so many AI test projects have trouble scaling

  • Trending
  • Comments
  • Latest
Should You Offer a Concession to Get Your Apartment Leased Faster?

Should You Offer a Concession to Get Your Apartment Leased Faster?

June 15, 2026
How I Maximize My Sapphire Reserve Dining Credit

How I Maximize My Sapphire Reserve Dining Credit

July 10, 2026
Fourth of July 2026 Freebies and Deals

Fourth of July 2026 Freebies and Deals

July 3, 2026
5 things financial therapists want every advisor to know

5 things financial therapists want every advisor to know

June 26, 2026
The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

July 6, 2026
Prime Day, June 2026: How Retailers Competed With Amazon

Prime Day, June 2026: How Retailers Competed With Amazon

June 29, 2026
I Drove One of the Cheapest Hybrid SUVs. Mazda’s CX-50 Gets Our OK

I Drove One of the Cheapest Hybrid SUVs. Mazda’s CX-50 Gets Our OK

0
Economic Foundations and Christianity Are Compatible

Economic Foundations and Christianity Are Compatible

0
Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

0
20 DIY Apartment Decorating Ideas on a Budget

20 DIY Apartment Decorating Ideas on a Budget

0
Chevron – CVX: Comeback des Super-Ölbullen?

Chevron – CVX: Comeback des Super-Ölbullen?

0
President Trump Exposes America’s Election Integrity Disaster

President Trump Exposes America’s Election Integrity Disaster

0
Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

July 17, 2026
I Drove One of the Cheapest Hybrid SUVs. Mazda’s CX-50 Gets Our OK

I Drove One of the Cheapest Hybrid SUVs. Mazda’s CX-50 Gets Our OK

July 17, 2026
Economic Foundations and Christianity Are Compatible

Economic Foundations and Christianity Are Compatible

July 17, 2026
Chevron – CVX: Comeback des Super-Ölbullen?

Chevron – CVX: Comeback des Super-Ölbullen?

July 17, 2026
Iran War: US Sixth Wave of Escalation Strikes Hits Bridges, Civilian Infrastructure, More Promised Next Week; Iran Hits Bahrain Refinery, Signaling Ability to Destroy Gulf Energy Assets; Closure of Bab el-Mandeb Strait Expected

Iran War: US Sixth Wave of Escalation Strikes Hits Bridges, Civilian Infrastructure, More Promised Next Week; Iran Hits Bahrain Refinery, Signaling Ability to Destroy Gulf Energy Assets; Closure of Bab el-Mandeb Strait Expected

July 17, 2026
MacOS Malware Uses Telegram Session Hijacking to Target Crypto Wallets

MacOS Malware Uses Telegram Session Hijacking to Target Crypto Wallets

July 17, 2026
theadvisertimes.com

Get the latest news and follow the coverage of Business & Financial News, Stock Market Updates, Analysis, and more from the trusted sources.

CATEGORIES

  • Business
  • Cryptocurrency
  • Economy
  • Financial Planning
  • Investing
  • Market Analysis
  • Markets
  • Money
  • Personal Finance
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC
  • I Drove One of the Cheapest Hybrid SUVs. Mazda’s CX-50 Gets Our OK
  • Economic Foundations and Christianity Are Compatible
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • About Us
  • Contact Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.