No Result
View All Result
SUBMIT YOUR ARTICLES
  • Login
Saturday, July 18, 2026
TheAdviserMagazine.com
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
No Result
View All Result
TheAdviserMagazine.com
No Result
View All Result
Home Market Research Market Analysis

Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement

by TheAdviserMagazine
3 weeks ago
in Market Analysis
Reading Time: 4 mins read
A A
Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement
Share on FacebookShare on TwitterShare on LInkedIn


On June 22, 2026, the White House issued a new executive order (EO), Securing the Nation Against Advanced Cryptographic Attacks. While it has direct implications for federal agencies, there are parts that are worth paying attention to for enterprise security and risk leaders. Here’s what’s worth your attention, whether or not you hold a federal contract.

You Now Have A Clear Operating Assumption With An Accelerated Timeline

The order opens with the concept of harvesting now, decrypting later as its rationale — referring to adversaries collecting encrypted sensitive data today to decrypt it once large-scale quantum computers exist. It commits the US government to migrating to the National Institute of Standards and Technology’s (NIST’s) post-quantum cryptography (PQC) standards by the end of 2030 for key establishment and by the end of 2031 for digital signatures for high-value assets and high-impact systems. This is a notable departure from the previous target of 2035 across federal systems overall.

What this means: The “Should we start now?” debate is settled for any organization sitting on data with a long confidentiality shelf life. The order generates greater urgency surrounding this risk. Data exfiltrated today is exposed the day a cryptographically relevant quantum computer arrives (Q-day!) — and you don’t control when that is. Determine the shelf life of your sensitive data. What holds longer-term value is specific to your organization — from source code and health and biometric records to authentication credentials and trade secrets. Identify where long-lived sensitive data intersects with vulnerable public-key cryptography, external exposure, and third-party dependencies.

The FAR Rule Has Takeaways For Noncontractors, Too

Section 6 directs the Federal Acquisition Regulatory Council to publish a proposed rule to amend the Federal Acquisition Regulation (FAR) within 180 days, requiring covered contractors to comply by December 31, 2030 with NIST’s Federal Information Processing Standards (FIPS) — including the PQC-compliant algorithms. This deadline isn’t unique: Other governments internationally have mandated similar timelines for PQC migration.

What this means: Even if you don’t sell to the federal government, you should treat 2030 (for key establishment) and 2031 (for digital signatures) as the de facto benchmark for your own security program. Named deadlines for PQC migration from governments will influence regulatory and sector-specific deadlines, as well as third-party partner requirements and technology vendor roadmaps. If you sell to the federal government, PQC becomes a contract term with a date attached. The proposed rule — not the final rule — is the thing to watch, because that’s where scope and definitions get set. File your comments while they still count.

CBOMs Will Be SBOMs’ Sequel

Section 5 directs the Cybersecurity and Infrastructure Security Agency (CISA) and NIST to publish, within 270 days, the minimum elements for a cryptographic bill of materials (CBOM), which is a structure designed to let you automatically assess the cryptographic assets inside a piece of hardware or software. This starts us down the path for a new vendor risk management and procurement requirement.

What this means: You can’t migrate what you can’t see, and most enterprises have no current inventory of where and how cryptography is used across their environment. The CBOM will help. Even more important to note: The software bill of materials (SBOM) made after the 2021 cybersecurity EO went from being a niche artifact to a procurement expectation. If you sell hardware or software, stay tuned for the published elements to come so that you’ll be able to produce a CBOM for buyers. Today, we see open-source solutions like CBOMkit from IBM Research leading CBOM creation. Your own third-party risk management processes must include revising SLAs and procurement agreements to ask vendors to disclose their own products’ CBOMs. CBOMs for legacy hardware will likely be unobtainable and will either require a waiver, hardware replacement, or firmware upgrade.

Your Vulnerability Disclosure Now Covers Weak Cryptography

Section 6 also directs the Federal Acquisition Regulatory Council to propose, within 270 days, rules that require covered contractors’ vulnerability disclosure programs (VDPs) to capture cryptographic vulnerabilities — explicitly including testing for the absence of encryption and the use of non-FIPS-approved algorithms.

What this means: “We didn’t encrypt that” and “We used a non-approved algorithm” move from being audit findings to reportable vulnerability classes. Cryptographic hygiene is now a continuous vulnerability-management best practice rather than a periodic compliance check. If you run a VDP or a bug bounty, your scope, intake, and triage logic need to account for cryptographic findings and your remediation SLAs need a place to put them. This raises the bar for your security vendors, as well; begin to assess this as a part of your procurement due diligence going forward. These disclosures will likely extend to areas including identity access management, customer identity access management, tokenization, data protection, unified messaging, and other domains.

Critical Infrastructure Gets A Partner, Not A Mandate — Yet

Section 5 directs every federal agency that serves as a Sector Risk Management Agency to work through CISA to help critical infrastructure owners and operators build their PQC migration plans.

What this means: If you’re a security leader for a utility, hospital system, bank, pipeline, wastewater system, or any other critical infrastructure operator, take note. Your sector agency and CISA are now tasked with assisting you in developing your PQC migration plans. Watch to see if any assistance in the form of “voluntary” sector guidance comes through, which may eventually turn into a baseline that regulators and insurers later expect. Engage early so you have greater input in shaping your migration plan. Start with identifying and prioritizing critical and high-consequence functions: remote access into OT environments, identity and certificate infrastructure, encrypted data flows between operators and third parties, firmware and software signing, backup and recovery systems, and communications tied to incident response or safety operations.

Assemble Your Team For PQC Migration

The federal government is treating PQC as an execution program, not a standards update. Enterprises should do the same. The hardest parts will be ownership, sequencing, validation, and dependency management. Cryptographic discovery and inventory will be uncomfortable for many organizations because cryptography is often embedded in products, protocols, libraries, APIs, certificates, hardware security models, identity systems, and vendor-managed services that security teams don’t fully own. Including more PQC questions in RFPs and contract renewals, third-party risk reviews, cyber insurance discussions, and board-level risk conversations also requires coordination with other internal stakeholders.

Ensure that stakeholders recognize that timelines can change. We’ve seen deadlines become progressively more aggressive in the last 18 months, and teams must be prepared for that to continue. Forrester clients can check out the full initiative blueprint to help drive their PQC migration or schedule a guidance session or inquiry with us.



Source link

Tags: CanaryEnterpriseexecutivemigrationOrderPQCprocurement
ShareTweetShare
Previous Post

Use EO 14409 As A Canary For Enterprise PQC Migration And Procurement

Next Post

Why viral public whale liquidations are becoming a real trading signal on Hyperliquid

Related Posts

edit post
AI Won’t Save Your Transformation

AI Won’t Save Your Transformation

by TheAdviserMagazine
July 17, 2026
0

…and it was never supposed to. Speed is not a substitute for direction. The hype would have you believe that...

edit post
How to Look Strategic as a Channel Chief in 2026

How to Look Strategic as a Channel Chief in 2026

by TheAdviserMagazine
July 16, 2026
0

Why does the C-suite view some channel leaders as indispensable architects of growth while others are seen as mere administrators...

edit post
How AI Impacts The Customer Service Job Market

How AI Impacts The Customer Service Job Market

by TheAdviserMagazine
July 16, 2026
0

We know that companies right now are heavily investing in customer service technologies with embedded AI capabilities. Companies are using...

edit post
Meet Rick Geneva: Principal Analyst For Cloud-Native Development

Meet Rick Geneva: Principal Analyst For Cloud-Native Development

by TheAdviserMagazine
July 16, 2026
0

After three decades in IT, I’m now watching the fifth major innovation cycle of my career: I’ve seen PC networking,...

edit post
Europe Builds The Blueprint For Social Platform Accountability

Europe Builds The Blueprint For Social Platform Accountability

by TheAdviserMagazine
July 16, 2026
0

Following the UK’s move to tighten protections for minors online, the European Union is now considering its own youth social...

edit post
Research Report: Betting in Africa 2026

Research Report: Betting in Africa 2026

by TheAdviserMagazine
July 16, 2026
0

A six-country survey on who bets, what they play, how often, how they play, and how much they spend across...

Next Post
edit post
Why viral public whale liquidations are becoming a real trading signal on Hyperliquid

Why viral public whale liquidations are becoming a real trading signal on Hyperliquid

edit post
Meta-Analysis: Using Tech May Cut Cognitive-Impairment Risk—Why Experts Say ‘Technological Reserve’ Matters

Meta-Analysis: Using Tech May Cut Cognitive-Impairment Risk—Why Experts Say ‘Technological Reserve’ Matters

  • Trending
  • Comments
  • Latest
edit post
Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

June 22, 2026
edit post
New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

June 20, 2026
edit post
5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

June 18, 2026
edit post
New Jersey Tax-Relief Events: Three July Dates Near Seniors

New Jersey Tax-Relief Events: Three July Dates Near Seniors

July 13, 2026
edit post
Bristlecone pines growing in the White Mountains of California germinated before the Great Pyramid was built, and the oldest one alive today, nicknamed Methuselah, has been quietly adding rings for 4,855 years in soil so poor almost nothing else survives beside it

Bristlecone pines growing in the White Mountains of California germinated before the Great Pyramid was built, and the oldest one alive today, nicknamed Methuselah, has been quietly adding rings for 4,855 years in soil so poor almost nothing else survives beside it

July 8, 2026
edit post
Retail giant exits U.S. fashion after multi-million-dollar scandal

Retail giant exits U.S. fashion after multi-million-dollar scandal

July 1, 2026
edit post
Coffee Break: Health Care Digest

Coffee Break: Health Care Digest

0
edit post
Citadel backs two rival crypto exchanges with 0 million as both chase the same Wall Street prize

Citadel backs two rival crypto exchanges with $600 million as both chase the same Wall Street prize

0
edit post
Book a Lie-Flat Seat on a Short Trip in Europe

Book a Lie-Flat Seat on a Short Trip in Europe

0
edit post
Speakeasy Raises .8M to Build the Intelligence Layer for the Live Events Industry – AlleyWatch

Speakeasy Raises $8.8M to Build the Intelligence Layer for the Live Events Industry – AlleyWatch

0
edit post
AI Won’t Save Your Transformation

AI Won’t Save Your Transformation

0
edit post
How advisors can tailor services to clients with ADHD

How advisors can tailor services to clients with ADHD

0
edit post
AI Won’t Save Your Transformation

AI Won’t Save Your Transformation

July 17, 2026
edit post
Case Study: How JCPenney Scaled its B2B Resale Program

Case Study: How JCPenney Scaled its B2B Resale Program

July 17, 2026
edit post
Major Cruise Line Pauses Visits to Caribbean Destination until 2027

Major Cruise Line Pauses Visits to Caribbean Destination until 2027

July 17, 2026
edit post
Champion Electric Metals restores Jonathan Buick as CEO, names new CFO (OTCQB:CHELF)

Champion Electric Metals restores Jonathan Buick as CEO, names new CFO (OTCQB:CHELF)

July 17, 2026
edit post
Friday File: Two Healthcare Buys

Friday File: Two Healthcare Buys

July 17, 2026
edit post
After Supreme Court loss, Trump tests a new tariff strategy on Brazil and other countries may follow

After Supreme Court loss, Trump tests a new tariff strategy on Brazil and other countries may follow

July 17, 2026
The Adviser Magazine

The first and only national digital and print magazine that connects individuals, families, and businesses to Fee-Only financial advisers, accountants, attorneys and college guidance counselors.

CATEGORIES

  • 401k Plans
  • Business
  • College
  • Cryptocurrency
  • Economy
  • Estate Plans
  • Financial Planning
  • Investing
  • IRS & Taxes
  • Legal
  • Market Analysis
  • Markets
  • Medicare
  • Money
  • Personal Finance
  • Social Security
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • AI Won’t Save Your Transformation
  • Case Study: How JCPenney Scaled its B2B Resale Program
  • Major Cruise Line Pauses Visits to Caribbean Destination until 2027
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • Contact us
  • About Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.