Workshops Government PQC Standards Compliance for Government
Government Full Day Workshop

Post-Quantum Cryptography Standards Compliance for Government

This workshop equips government regulators, standards representatives, and procurement leads with the detailed knowledge needed to implement NIST, ETSI, and CNSA 2.0 post-quantum cryptography requirements.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

NIST published three post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM for key encapsulation), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA for stateless hash-based signatures). A fourth standard, FIPS 206 (FN-DSA based on NTRU lattices), is in draft. The NSA has updated the CNSA 2.0 suite to mandate ML-KEM-1024 and ML-DSA-87 for national security systems, with a 2025 preference date and 2030 hard requirement. ETSI has published migration strategies (TR 103 619) and is updating its electronic signature suites (TS 119 312) to include PQC algorithms. National agencies including ANSSI and BSI have published their own guidance, which does not always align with NIST.

Government regulators and procurement leads must navigate this multi-layered standards landscape. They need to understand which algorithms are approved for which use cases, where standards diverge between jurisdictions, and how to embed PQC requirements into procurement frameworks and compliance assessments. This workshop covers each standard in technical detail sufficient for writing procurement specifications and compliance requirements, compares the approaches of different standards bodies, and provides practical tools for government PQC standards implementation including model contract language and GovAssure alignment guidance.

What participants cover

  • NIST FIPS 203/204/205: ML-KEM, ML-DSA, and SLH-DSA algorithm specifications, parameter sets, and government use case guidance
  • Draft FIPS 206 (FN-DSA): NTRU lattice signatures, compact sizes, timeline, and the wait-or-proceed decision for government systems
  • ETSI quantum-safe specifications: TS 119 312 signature suites, TR 103 619 migration strategies, and e-ID implications
  • CNSA 2.0 algorithm suite: ML-KEM-1024, ML-DSA-87, LMS/XMSS for firmware, mandatory hybrid key exchange, and Five Eyes interoperability
  • National agency divergence: where ANSSI, BSI, and NCSC recommendations differ from NIST on algorithm selection and hybrid approaches
  • Government procurement integration: CCS framework PQC specifications, GovAssure alignment, and model contract clauses

Preliminary Agenda

Full Day Workshop structure with scheduled breaks. Content is configurable to your government department's procurement frameworks, existing cryptographic estate, and regulatory jurisdiction.

# Session Topics
1 The PQC Standards Landscape for Government What has been finalised, what is in draft, and what is coming
2 NIST FIPS 203, 204, 205, and Draft 206 Algorithm specifications, parameter sets, and government procurement implications
  • FIPS 203 (ML-KEM): Module-LWE key encapsulation, parameter sets (512/768/1024), key sizes, encapsulation performance, and government network throughput impact
  • FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA): lattice-based versus hash-based digital signatures, when government systems should use which, and the signature size trade-off
  • Draft FIPS 206 (FN-DSA): NTRU lattice-based signatures, compact signature sizes, timeline to finalisation, and whether to wait or proceed with ML-DSA
Break, after 50 min
3 ETSI and European Standards Framework ETSI QSC, ANSSI, BSI, and the EU Cybersecurity Act
  • ETSI TS 119 312: cryptographic suites for qualified electronic signatures and seals, PQC algorithm inclusion and government e-ID implications
  • ETSI TR 103 619: migration strategies for quantum-safe schemes, recommended hybrid approaches for government systems
  • National agency guidance: ANSSI (France) TR on PQC, BSI (Germany) Technical Guideline TR-02102, and their divergence from NIST recommendations
4 Interactive Demonstration: Standards Compliance Assessment Full-day format only
  • Running a compliance gap analysis against FIPS 203/204/205, ETSI TS 119 312, and CNSA 2.0 requirements simultaneously
  • Mapping a government IT estate to identify which systems require which PQC algorithms and parameter sets
  • Drafting PQC requirements for a government procurement specification using CCS framework language
Break, after 60 min
5 CNSA 2.0 and Allied Nation Requirements NSA algorithm suite and Five Eyes interoperability
  • CNSA 2.0 algorithm suite: ML-KEM-1024 for key establishment, ML-DSA-87 for digital signatures, LMS/XMSS for firmware signing, and the mandatory hybrid requirement
  • CNSA 2.0 timeline: 2025 preference, 2030 requirement for national security systems; implications for allied nations that interoperate with US classified networks
  • Five Eyes interoperability: how UK, Canada, Australia, and New Zealand are aligning (or diverging from) CNSA 2.0 requirements in their government procurement
6 Government Procurement and Contract Framework Integration Embedding PQC standards into government buying
  • Crown Commercial Service frameworks: how to specify PQC compliance in G-Cloud, DOS, and Technology Services 4
  • GovAssure alignment: mapping PQC standards to the GovAssure assessment profile for government IT systems
  • Contract clauses: model PQC compliance language for government IT procurement, including cryptographic agility requirements
7 Q&A and Compliance Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and government cryptographic standards compliance.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

GS

Government Standards Partners

Domain expertise and compliance validation

Government standards workshops are co-delivered with specialists who have direct experience in NIST, ETSI, and national cryptographic standards bodies. This ensures workshop content reflects current standards interpretation and government procurement practice.

Commission This Workshop

Sessions are configured around your government department's procurement frameworks, existing cryptographic estate, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.

Contact Us
Government Workshops All Consulting Services All Workshops