Elodie Collins
General Dynamics Information Technology has shared its three-part framework that could enable agencies to assess their post-quantum cryptography risks and readiness.
In a blog post, Matthew McFadden, vice president of cyber at GDIT, said multiple civilian agencies where the company has applied the Discover, Assess, Manage framework for PQC preparations are ahead of the curve.
How to Prepare for Post-Quantum Future?
GDIT’s framework begins with the discovery phase, wherein organizations must identify and manage risks associated with PQC. According to McFadden, the company automates the discovery process and works with its customers to gain a deeper understanding of inherent and emerging risks.
The next phase is assessment, where the agency must identify existing cryptography and prioritize mitigation efforts. GDIT delivers to customers actionable risk assessments to aid in the process.
Finally, for the manage phase, agencies must begin actively migrating their assets from standard to PQC encryption. GDIT supports customers by carrying out PQC detection and control, applying PQC algorithms and updating systems.
The White House, in an executive order published in June, set a deadline of Jan. 2, 2030, by which all civilian agencies must have transitioned to PQC. As more agencies begin their PQC journeys, McFadden said the process requires continuous, all-hands-on-deck assessment and action. By starting the transition today, he added that agencies can secure their systems and meet the government’s 2030 deadline.
