惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
J
Java Code Geeks
博客园_首页
Scott Helme
Scott Helme
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
V
Visual Studio Blog
Cloudbric
Cloudbric
Jina AI
Jina AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
A
Arctic Wolf
C
Cybersecurity and Infrastructure Security Agency CISA
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
W
WeLiveSecurity
K
Kaspersky official blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
量子位
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 三生石上(FineUI控件)
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Featured Blogs - Forrester

Customer Zero Proves AI Works When Humans Change Customer Zero Programs Prove That AI Works When Humans Change Prime Day, June 2026: How Retailers Competed With Amazon Inclusive Design Is Automotive’s Overlooked Growth Opportunity B2B Social Media Influencers Have More Influence Than Ever Comcast Split Puts NBCUniversal In Play What Technology Leaders Should Not Miss At Technology & Innovation Forum Central Why Your AI Strategy Needs A DEXM Solution: Lessons From Nexthink Masters Of Experience The Dawn Of The Accidental Developer The Next Era Of B2B Events: 8 Data-Backed Shifts Defining 2026 The Next Era Of B2B Events: Eight Data-Backed Shifts Defining 2026 Identiverse 2026 Recap: Identity Security for Agentic AI Dominates Announcing The Forrester Wave™ On Extended Detection And Response Platforms: Platformization, AI, And…AI Announcing The Forrester Wave™ On Extended Detection And Response Platforms: Platformization, AI, And … AI Use EO 14409 As A Canary For Enterprise PQC Migration And Procurement Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement New Executive Order Makes PQC Migration A Multiyear Operational Program For Federal Security Leaders AI Is Moving Fast, But Trust Is Struggling To Keep Up: Why Security And Risk Leaders Can’t Miss Forrester’s AI Forum Answer Engines Will Select Your Content. Your Digital Experience Has To Do More. Meta Gambles With Its Trust In Prediction Markets The EU’s Digital Markets Act Meets The Mobile OS, Round 2 Don’t Just Hear About The IT Singularity — Work Through It At Our Austin Tech Forum Don’t Just Hear About The IT Singularity — Work Through It At Our NYC Tech Forum The Cost Of AI Productivity Is Less Creativity Dollars And Sense At FinOps X 2026: Is AI Value Management Bigger Than FinOps? Quantum Security Is No Longer Optional: A Practical Blueprint For Successful Implementation The AI Orchestration Layer In Banking Is The New Battleground The Canary in the CDP Mine: Databricks CustomerLake Is The Litmus Test For Agentic Marketing The Canary in the CDP Mine: Databricks CustomerLake Is The Litmus Test For Agentic Marketing AI Forces A Redesign Of How Marketing And Agencies Work The IT Singularity Is Here: Announcing Forrester’s 2026 Technology Events Nuvei Makes Its B2B Cross-border Payment Move: The Payoneer Acquisition Google Dethrones OpenAI As Agencies’ Preferred AI Partner When Algorithms And LLMs Become Sellers, Your Commerce Strategy Must Change Google Goes All-In: An AI-Operated System, Not AI-Assisted Products Cisco’s Platform Push: Big Vision, Real Questions Retail's Incremental Total Experience Shift: Select Brands See Significant Improvement It's Time To Elevate Journeys Into Decision Systems AI Agents Need Real-Time Context: Data Streaming Is How You Are Going To Get It Tackle Enterprise AI’s Hardest Question At Forrester’s AI Forums Building The Human Foundation For AI At CX Forum East What Separates Scalable AI-Driven Innovation From Promising Experiments Hyland CommunityLive 2026: A Call To Action for Enterprise Content Management Leaders Call For Entries: Forrester’s B2B Forum EMEA 2026 Awards AI Agents Are Your New Customer. But Can You Target and Grow Their Trust in Your Brand? Survey Insights: How Business Applications Are Purchased Governance: New Strategy, Old Hands On The Wheel … US Health Insurers Show Experience Improvements Announcing The 2026 Forrester Wave™ On Accounts Payable Invoice Automation Announcing The Forrester Wave™: Accounts Payable Invoice Automation Software, Q2 2026 US Banks’ Total Experience Is Improving, But Most Still Have Work To Do UK Social Media Ban Forces Platform Accountability Total Recall: A Cautionary Fable Of Anthropic And The US Government Consumers Aren’t Ready To Delegate Payments To AI Agents Fox Makes $22B Roku Acquisition Bet Secure The Future Of Internet Traffic As Agents Take Over Coupa’s Inspire 2026 Unveils A Strategy And Acquisition Spree To Build The Autonomous Spend Management “Network” A Fake PLG Strategy Is Exposed Through Your Digital Commerce Experiences Conway’s Law: Your Operating Model Matters More Than The AI Model Turn Application Portfolio Rationalization Into A Continuous Optimization Capability Healthcare And Life Sciences: Turning AI Momentum Into Lasting Value How To Build A Loyalty Team That Scales With Your Program Align B2B Marketing Teams To Thrive In A Buyer-Centric World OpenAI’s Proposed IPO Opens A Trifecta Of Opportunities For It, But Don’t Lock In Just Yet Retention-As-A-Service Is An Intriguing Idea — Here’s What It Actually Means Customer Success And Customer Experience: The Difference Is More Than Semantic How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk Announcing Forrester’s Top Cybersecurity Threats For 2026 Your AI Bill Is A Context Problem Build The Human Foundations Before You Scale AI The State Of Agentic AI In 2026: Companies Are Chasing, Few Are Catching Move Over WAF. The Web Application Protection Platform Takes Over Microsoft Build 2026: Pushing The Frontier With A More Opinionated AI Playbook Anthropic’s Proposed IPO Will Change The Economics Of Enterprise AI AI Is Forging A New RevOps Identity AI Is Forging A New RevOps Identity Build Meaning Before Machines: Why Semantics, Ontologies, And Knowledge Graphs Matter For Agentic AI Red Hat Summit 2026: Can Red Hat Win Its Claim As The Hybrid AI Control Plane? Ad Creative Is A Technology Problem And Opportunity The State Of Portfolio And Product Marketing In 2026 Miro’s Big Bet: Can A Whiteboard Company Become The AI Decisioning Layer For The Enterprise? Agents Are In The Aisle: The 2026 NRF APAC Innovators To Watch Italy’s B2B Marketing Challenge Is Not Strategy — It’s Focus And Alignment If Buyers Change How They Search, Marketing Must Change How It Shows Up European B2B Marketing Has A Data Problem, Not A Vision Problem The AppGen And Low-Code Platforms Landscape, Q2 2026, Is Out! What Anthropic’s Two Recent Announcements Mean For Manufacturers Agentic AI In Insurance: Stop Chasing Autonomous Agents. Start Engineering Trust. The Consolidation Wars: M&A Is Rewriting Finance Automation Seven Ways To Turn CX Forum East Analyst Time Into Real Momentum Seven Ways To Turn CX Forum West Analyst Time Into Real Momentum Leading With Intention: What Women Leaders Told Us About AI And The Future Of Work Redesign B2B2C Digital Strategy For The AI Era Marketplace Platforms Aren’t One Market Anymore: Announcing Forrester’s Two Landscapes For 2026 The State Of Agentic Commerce In Mid-2026 If Your Employees Aren’t Ready For AI, Neither Is Your Business Announcing The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q2 2026 Financial Well-Being Is Under Pressure — A Strategic Priority For Banks TeamViewer Connect: A Pragmatic Look At How IT Can Level Up DEX Freshworks Signals A More Practical Future For AI Service Management Zendesk Relate 2026 Showed Why Agentic Customer Service Starts With Knowledge
EO 14409 Makes PQC Migration A Multi-Year Operational Program For Federal Security Leaders
Heidi Shey · 2026-06-25 · via Featured Blogs - Forrester

For a private-sector CISO, Executive Order 14409, “Securing the Nation Against Advanced Cryptographic Attacks” is an additional signal and call to action. For Federal security leaders, it’s an order with your name on it. The recap on what to do is short: inventory your cryptography, name someone to run the migration, and move your priority systems to NIST’s post-quantum standards by the deadline. The challenge is whether you can execute fast enough without losing control of scope, dependencies, and mission risk.

Treat Your PQC Migration Lead As More Than A Contact

Section 4 requires that within 30 days, each agency head must name a PQC migration lead and send the name and contact details to OMB and the National Cyber Director.

What this means: The job is really a multi-year program-office function, and the person needs authority to compel participation and action. This person owns agency-wide cryptographic inventory management, a prioritized migration plan, and cross-agency coordination. Treat the 30-day deadline as a forcing function to decide who has the authority required to own this, identify cross-functional key contributors that will support the migration lead, and establish governance and escalation paths.

Cryptographic Inventory Is Where You Will Gain Or Lose Time

Within 90 days, OMB will issue guidance requiring each agency to review its inventory of high-value assets and high-impact systems, move them to PQC for key establishment by December 31, 2030 and for digital signatures by December 31, 2031, and submit a plan.

What this means: The 2030 and 2031 dates live in the EO itself, not the forthcoming OMB guidance. The guidance will tell you how to report, not whether the clock runs. Waiting for it spends 90 days of your scarcest resource. You have a head start: your HVA designations under OMB M-19-03 and your FISMA high-impact categorizations already give you the system list to start from. Gaining the required visibility of where cryptography is used across applications, infrastructure, identity systems, certificates, APIs, embedded systems, vendor products, cloud services, and managed services is foundational to your PQC migration. The coordinated efforts for procurement outlined in the EO, including any shared procurement of PQC tools, will help but you may not need to wait. Use this window of time to assess whether you already have existing technologies in your environment with built-in capabilities for cryptographic algorithm discovery and inventory. If you have already started cryptographic discovery activities, use the time to validate and consolidate your existing inventories.

Key Establishment And Digital Signatures Are Different Migration Efforts

The EO separates deadlines for key establishment and digital signatures, in recognition of the complexity involved. This is by design.

What this means: Protecting encrypted data in transit and replacing signature mechanisms are related, but they create different operational problems. Key establishment affects protocols and communications paths. Digital signatures touch software integrity, identity, certificates, authentication flows, document signing, firmware validation, and other trust mechanisms.

This distinction matters for sequencing. Agencies may be able to pilot hybrid or PQC-ready key establishment in some environments sooner than they can unwind signature dependencies (and potentially conduct re-signing for documents, contracts, code, etc.) across software, devices, and vendor ecosystems.

CBOMs Will Expose Vendor And System Blind Spots

The EO requires CISA, in coordination with NIST, to release public guidance within 270 days describing minimum elements for a cryptographic bill of materials (CBOMs). The purpose is to enable automated assessment of cryptographic assets used by hardware or software elements.

What this means: Agencies cannot migrate what they cannot see, and they cannot manage vendor risk if vendors cannot explain what cryptography their products use. A CBOM makes weak visibility harder to excuse as cryptographic transparency will become part of federal supply chain security. Revise SLAs and procurement agreements to ask vendors to disclose their own products’ CBOMs. CBOMs for legacy hardware will likely be unobtainable and will either require a waiver or hardware replacement or firmware upgrade. Because of SBOMs and self-attestation work by CISA and GSA, there is already a centralized portal and process that can be re-used to collect CBOMs cross agency.

Take Note If Owning Or Operating National Security Systems

Section 5 of the order explicitly calls for the NSA to submit a report to the President through the Committee on National Security Systems (NSS) within 180 days and annually after that on the status of PQC migration for agencies that own or operate NSS.

What this means: If your agency runs both FISMA and NSS systems, you now have two migration regimes with different owners, deadlines, and reporting chains. NSA’s CNSA 2.0 published in 2022 already drives NSS on a timeline of legacy gear phased out by 2030 and full migration by 2035. The danger is the seam between them: duplicated inventory work, inconsistent tooling, and cryptographic dependencies that cross the boundary and go unmanaged because each side assumes the other owns them. Stand up coordination for your migration plans.

Lessons To Come From The NIST Pilot Will Shape Expectations

The EO directs NIST to initiate a PQC migration pilot within 180 days on an appropriate subset of NIST-owned or NIST-operated information systems and complete it no later than December 31, 2027.

What this means: This pilot will likely influence how agencies understand feasible scope, migration sequencing, validation methods, and implementation risks. Federal security leaders should track the pilot closely because it may become an important reference point for what good execution looks like.

There Are Deadlines And Not Necessarily Dollars To Match

The order is to be implemented “subject to the availability of appropriations,” and its procurement section leans on cost savings through cloud migration, shared procurement of PQC tools, joint training, and centralized technical support rather than new funding.

What this means: In the absence of a dedicated funding stream, the migration will compete against everything else in your security budget. Plan to draw on the shared procurement and training vehicles the order sets up rather than standing up your own. Understand where your vendors’ quantum migration work will reduce what you need to do yourselves.

The Clock Has Started

Forrester clients can check out the full initiative blueprint to help drive their quantum security migration, or schedule a guidance session or inquiry with us.