Biden Signs into Law the Quantum Computing Cybersecurity Bill

The law specifically requires that the Office of Management and Budget prioritize federal agencies’ acquisition of and migration of IT systems with post quantum cryptography. It also requires that the White House provide guidance to federal agencies on how to evaluate critical systems within one year of the National Institute of Standards and Technology issuing post-quantum cryptography standards.

In September, the National Security Agency issued guidance

The law requires that OMB send a report each year to Congress, which should include a strategy to address the post-quantum cryptography risk from all levels of government.

The White House gave federal agencies until May 4 next year to provide an inventory of cryptographic systems that could be cracked by quantum computers in a Nov. 18 memo, the White House gave federal agencies till May 4, next year, to compile an inventory of cryptographic systems. This could be used by quantum computers.

It outlined requirements for national security system owners and operators to use post-quantum algorithms before 2035.

The intelligence agency issued an advisory at that time recommending that vendors begin preparing for new technology requirements, but acknowledging that certain quantum-resistant algorithms are still to be approved.

Wednesday’s signing by President Biden of the SBA Cyber Awareness Act was also a significant milestone. It requires that the Small Business Administration submit an annual report on cybersecurity for the agency.