[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Network Security](https://www.paloaltonetworks.com/cyberpedia/network-security?ts=markdown) 3. [A Complete Guide to Post-Quantum Cryptography Standards](https://www.paloaltonetworks.com/cyberpedia/pqc-standards?ts=markdown) Table of contents * [What qualifies as a PQC standard?](#what-qualifies-as-a-pqc-standard) * [What is post-quantum cryptography (PQC)?](#what-is-post-quantum-cryptography-pqc) * [What PQC standards exist today?](#what-pqc-standards-exist-today) * [How do global standards and policies differ on PQC?](#how-do-global-standards-and-policies-differ-on-pqc) * [What are the standard algorithms for PQC?](#what-are-the-standard-algorithms-for-pqc) * [What is the role of hybrid cryptography in current standards?](#what-is-the-role-of-hybrid-cryptography-in-current-standards) * [What is the timeline for PQC adoption?](#what-is-the-timeline-for-pqc-adoption) * [What should organizations do now to stay compliant?](#what-should-organizations-do-now-to-stay-compliant) * [PQC standards FAQs](#pqc-standards-faqs) # A Complete Guide to Post-Quantum Cryptography Standards 5 min. read Table of contents * [What qualifies as a PQC standard?](#what-qualifies-as-a-pqc-standard) * [What is post-quantum cryptography (PQC)?](#what-is-post-quantum-cryptography-pqc) * [What PQC standards exist today?](#what-pqc-standards-exist-today) * [How do global standards and policies differ on PQC?](#how-do-global-standards-and-policies-differ-on-pqc) * [What are the standard algorithms for PQC?](#what-are-the-standard-algorithms-for-pqc) * [What is the role of hybrid cryptography in current standards?](#what-is-the-role-of-hybrid-cryptography-in-current-standards) * [What is the timeline for PQC adoption?](#what-is-the-timeline-for-pqc-adoption) * [What should organizations do now to stay compliant?](#what-should-organizations-do-now-to-stay-compliant) * [PQC standards FAQs](#pqc-standards-faqs) 1. What qualifies as a PQC standard? * [1. What qualifies as a PQC standard?](#what-qualifies-as-a-pqc-standard) * [2. What is post-quantum cryptography (PQC)?](#what-is-post-quantum-cryptography-pqc) * [3. What PQC standards exist today?](#what-pqc-standards-exist-today) * [4. How do global standards and policies differ on PQC?](#how-do-global-standards-and-policies-differ-on-pqc) * [5. What are the standard algorithms for PQC?](#what-are-the-standard-algorithms-for-pqc) * [6. What is the role of hybrid cryptography in current standards?](#what-is-the-role-of-hybrid-cryptography-in-current-standards) * [7. What is the timeline for PQC adoption?](#what-is-the-timeline-for-pqc-adoption) * [8. What should organizations do now to stay compliant?](#what-should-organizations-do-now-to-stay-compliant) * [9. PQC standards FAQs](#pqc-standards-faqs) PQC standards are formal documents that specify which post‑quantum algorithms are approved, how they must be implemented, and what requirements guide their use in real systems. They include algorithm definitions, deployment instructions, validation criteria, and migration guidance. PQC standards also ensure organizations adopt quantum‑resistant cryptography in a consistent, compliant way. ## What qualifies as a PQC standard? ![Bold black text at the top reads 'What a PQC standard actually means' followed by a smaller subtitle in parentheses reading 'and what it's often confused with.' The layout is split into a wide left panel and a narrower right panel. The left panel has a rounded rectangle containing a large icon of a document and the heading 'The official meaning:' in bold. Text below explains that a PQC standard is a formal document issued by a government or international body to guide post-quantum cryptography adoption. Three small gray boxes underneath display icons and short labels: 'Establish approved algorithms,' 'Define deployment methods,' and 'Provide testing or compliance rules.' At the bottom left, three pill-shaped labels list examples: 'FIPS 203 (ML-KEM),' 'SP 800-208 (LMS/XMSS),' and 'RFC 9794 (hybrid KEM terminology).' On the right side, an orange sidebar titled 'Common misuses \& conflations' contains two boxed sections. The first box, labeled 'Misuse #1,' is titled 'Confusing algorithm specs with implementation standards' with text noting that ML-KEM is an algorithm and FIPS 203 is the standard. The second box, labeled 'Misuse #2,' is titled 'Treating informal guidance as finalized mandates' with text explaining that drafts like SP 800-227 or ETSI specs may guide adoption but are not enforceable.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/pqc-standards/What-a-PQC-standard-actually-means.png "Bold black text at the top reads 'What a PQC standard actually means' followed by a smaller subtitle in parentheses reading 'and what it's often confused with.' The layout is split into a wide left panel and a narrower right panel. The left panel has a rounded rectangle containing a large icon of a document and the heading 'The official meaning:' in bold. Text below explains that a PQC standard is a formal document issued by a government or international body to guide post-quantum cryptography adoption. Three small gray boxes underneath display icons and short labels: 'Establish approved algorithms,' 'Define deployment methods,' and 'Provide testing or compliance rules.' At the bottom left, three pill-shaped labels list examples: 'FIPS 203 (ML-KEM),' 'SP 800-208 (LMS/XMSS),' and 'RFC 9794 (hybrid KEM terminology).' On the right side, an orange sidebar titled 'Common misuses & conflations' contains two boxed sections. The first box, labeled 'Misuse #1,' is titled 'Confusing algorithm specs with implementation standards' with text noting that ML-KEM is an algorithm and FIPS 203 is the standard. The second box, labeled 'Misuse #2,' is titled 'Treating informal guidance as finalized mandates' with text explaining that drafts like SP 800-227 or ETSI specs may guide adoption but are not enforceable.") Not all post-quantum cryptography (PQC) guidance is created equal. Some documents define algorithms. Others explain how to use them. Others still provide migration timelines or validation requirements. So when we talk about standards, what are we really referring to? In post-quantum cryptography, standards are formal documents issued by government or international bodies. They serve one or more purposes: * Establish approved algorithms * Define how to deploy those algorithms in real systems * Provide testing rules, compliance frameworks, or policy mandates for national security systems They all count as standards because they formally shape how organizations adopt and implement PQC. ## What is post-quantum cryptography (PQC)? Post-quantum cryptography is about preparing for what happens when quantum computers can break today's encryption. Not just in theory---but in practice. PQC refers to cryptographic systems that are designed to resist attacks from cryptographically relevant quantum computers. In other words, systems that can't be broken by algorithms like Shor's once quantum hardware scales. ![Infographic titled 'Post-quantum cryptography explained'. The diagram is divided into five horizontal sections labeled Part 1 through Part 4, with a concluding takeaway bar. Part 1, labeled 'The problem', contains two red boxes: one labeled 'RSA \& ECC today' with text 'Secure against classical computers by using factoring and discrete logarithms', and the other labeled 'Quantum threat' with text 'Shor's algorithm on a quantum computer could break RSA and ECC'. Part 2, labeled 'The solution', shows a blue box reading 'Post-quantum cryptography (PQC)' with text 'New encryption methods based on math problems that remain hard for both classical and quantum computers'. Part 3, labeled 'Algorithm families', presents three purple boxes. The first, 'Lattice-based', reads 'Foundation of ML-KEM \& ML-DSA; uses high-dimensional algebraic structures'. The second, 'Hash-based', reads 'Relies on secure one-way hash functions; basis of SPHINCS+'. The third, 'Multivariate', reads 'Uses polynomial equations; still in research stages'. Part 4, labeled 'NIST standards', includes three gray circular icons with accompanying text: 'ML-KEM (FIPS 203) Standard for key establishment', 'ML-DSA (FIPS 204) Standard for digital signatures', and 'SLH-DSA (FIPS 205) Stateless hash-based digital signature scheme'. A dark gray bar at the bottom labeled 'Takeaway' contains the statement 'PQC is the standards-led path forward — practical and deployable today'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/pqc-standards/Post-quantum-cryptography-explained.png) That definition spans three layers: 1. Algorithms 2. Standards that formally approve them 3. Frameworks that guide implementation and compliance The goal of PQC is simple. Replace vulnerable algorithms before attackers can decrypt what's encrypted today. That's why migration has already started. ***Note:*** *PQC is not the same as quantum key distribution (QKD). QKD uses physics to detect eavesdroppers in key exchange. PQC does not. It relies entirely on mathematically hard problems that remain difficult even for quantum systems.* | ***Further reading:*** * [*What Is Post-Quantum Cryptography (PQC)? A Complete Guide*](https://www.paloaltonetworks.com/cyberpedia/what-is-post-quantum-cryptography-pqc) * [*Harvest Now, Decrypt Later (HNDL): The Quantum-Era Threat*](https://www.paloaltonetworks.com/cyberpedia/harvest-now-decrypt-later-hndl) * [*What Is Quantum Key Distribution (QKD)? Overview*](https://www.paloaltonetworks.com/cyberpedia/quantum-key-distribution-qkd) ## What PQC standards exist today? Post-quantum cryptography doesn't rely on just one standard. It's a full ecosystem. Again, different documents serve different roles. Some define algorithms, others enable migration, and others shape protocol integration or validation pathways. Knowing what exists, and what stage each standard is in, helps determine readiness and plan compliant adoption. Here's how today's key PQC standards break down: | Post-quantum cryptography (PQC) standards at a glance | |-------------------------------------------------------| | Standard name | Governing body | Focus | Status | Use case focus | |----------------------------------------------------------------------------------------------------------------|----------------|-------------------------------------------------------------------------------------|-------------------------------------------|--------------------------------------------------------------------------| | [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) | NIST | Key encapsulation (ML-KEM) | Final | General-purpose key exchange | | [FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) | NIST | Digital signatures (ML-DSA) | Final | General-purpose authentication | | [FIPS 205](https://csrc.nist.gov/pubs/fips/205/final) | NIST | Stateless hash-based signatures (SLH-DSA) | Final | Fallback digital signature use | | **FIPS 206** | NIST | FN-DSA (Falcon) | Initial public draft in development | Compact lattice-based signatures (good for constrained environments) | | [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) | NIST | Stateful hash-based signatures (LMS, XMSS) | Final | Firmware and software signing | | [SP 1800-38]() | NIST (NCCoE) | Migration to PQC | Preliminary draft / ongoing NCCoE project | Practical migration guidelines | | [SP 800-56C Rev. 2](https://csrc.nist.gov/pubs/sp/800/56/c/r2/final) | NIST | Key derivation for key-establishment schemes (can combine multiple shared secrets) | Final | General key derivation for classical and hybrid key exchange | | [SP 800-227](https://csrc.nist.gov/pubs/sp/800/227/final) | NIST | Recommendations for key-encapsulation mechanisms (including ML-KEM and future KEMs) | Final | KEM selection, parameter sets, and transition considerations | | [ISO/IEC 23837-1:2023](https://www.iso.org/standard/77097.html) | ISO/IEC | Security requirements and evaluation methods for QKD modules | Final | Assurance for QKD deployments within a broader quantum-safe architecture | | [ETSI TS 103 744](https://www.etsi.org/deliver/etsi_ts/103700_103799/103744/01.02.01_60/ts_103744v010201p.pdf) | ETSI | Hybrid key exchange constructions | Final | European guidance on migration strategies | | [RFC 9794](https://www.rfc-editor.org/rfc/rfc9794.html) | IETF | Terminology for post-quantum/traditional schemes | Informational (final) | Shared language for hybrid schemes | ***Note:*** *Even if a standard is marked "final," real-world implementation often depends on supporting guidance or protocol updates. That's why understanding the entire standardization landscape---not just the algorithms---is essential.* ## How do global standards and policies differ on PQC? Not every country is adopting the same PQC roadmap. Some focus on speed. Others prioritize flexibility, resilience, or local cryptographic independence. That's why alignment is limited. And implementation looks different depending on where you operate. Understanding those differences matters. Especially for organizations operating across regions or trying to deploy standards-compliant cryptography at scale. Here's how the major standards bodies currently approach PQC: | Global summary of PQC algorithms and policy guidance | |------------------------------------------------------| | Country/Agency | Recommended/Accepted KEMs | Recommended/Accepted signatures | Hybrid policy | Special notes | |---------------------------|-------------------------------------------|-------------------------------------------------|--------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------| | **U.S. (NIST, CNSA 2.0)** | ML-KEM-1024 | ML-DSA-87, LMS/XMSS | Hybrid key establishment allowed during transition; long-term goal is pure CNSA 2.0 PQC for NSS. | Pure PQC required by 2035 for NSS. | | **UK (NCSC)** | ML-KEM-768 | ML-DSA-65, SLH-DSA, LMS/XMSS | Allowed as interim only. | Prefers pure PQC where feasible. | | **Germany (BSI)** | ML-KEM-768/1024, FrodoKEM, McEliece | ML-DSA (3 \& 5), SLH-DSA, LMS/XMSS | Recommended (except HBS). | Endorses multi-tree variants for long-term signatures. | | **France (ANSSI)** | ML-KEM-768/1024, FrodoKEM | ML-DSA, SLH-DSA, FN-DSA, LMS/XMSS | Recommended. | Supports stateful and stateless hash-based signatures. | | **Netherlands (NLNCSA)** | ML-KEM-1024, FrodoKEM, McEliece | ML-DSA, SLH-DSA, LMS/XMSS, HSS | Recommended. | Accepts wide range of hash-based and structured schemes. | | **Canada (CCCS)** | ML-KEM | ML-DSA, SLH-DSA, LMS/HSS | Neutral. | No strong position on hybrid use. | | **Australia (ASD)** | ML-KEM-768 (until 2029), ML-KEM-1024 | ML-DSA-65 (until 2029), ML-DSA-87 | Not recommended. | Favors pure PQC by 2030. | | **Korea** | NTRU-HRSS, SMAUGT | HAETAE, AlMar | Not published. | National algorithm suite differs from NIST. | | **China** | National PQC candidates under development | National PQC signature schemes under evaluation | Not publicly specified. | Continues domestic ECC (e.g., SM2) for classical crypto while developing separate PQC standards. | | **EU Commission** | ML-KEM and others based on ETSI guidance | ML-DSA, SLH-DSA, LMS/XMSS | Recommended. | Encourages member states to adopt by 2030. | Most countries now accept ML-KEM in some form, creating a de facto baseline for interoperability. Signature algorithm preferences differ more widely. While some authorities endorse stateless schemes like SLH‑DSA, others mandate stateful options such as LMS or XMSS, which require strict state management to avoid key reuse. Hybrid cryptography policies also differ. Some governments allow or recommend it as a temporary bridge. Others, like the U.S., discourage it in favor of fully post-quantum systems. ***Note:*** *Misaligned standards increase the complexity of PQC adoption. Organizations may need to support multiple algorithms, manage regional compliance differences, and tailor deployments based on where and how cryptography is used.* ## What are the standard algorithms for PQC? Standards aren't just about guidance. They also name the specific cryptographic algorithms that meet post-[quantum security](https://www.paloaltonetworks.com/cyberpedia/what-is-quantum-security) requirements. These are the building blocks. And each one is designed to resist attacks from cryptographically relevant quantum computers. There are two core categories: key establishment and digital signatures. Some algorithms are already standardized. Others are still in review or regionally accepted. And parameter sets matter because different use cases may call for different security levels. Let's break them down. | ***Further reading:** [Brief: Cryptographically Relevant Quantum Computers (CRQC)](https://www.paloaltonetworks.com/cyberpedia/crqcs-cryptographically-relevant-quantum-computers)* | Standardized and proposed PQC algorithms by type and use | |----------------------------------------------------------| | Algorithm | Type | Standard | Recommended use | |------------------|-------------------|-------------------------------------------|--------------------------------------------| | ML-KEM | Key encapsulation | FIPS 203 | General-purpose key exchange | | FrodoKEM | Key encapsulation | Not standardized by NIST | Regional use in EU; conservative fallback | | Classic McEliece | Key encapsulation | Not standardized by NIST | Code-based alternative with large keys | | HQC (planned) | Key encapsulation | NIST backup KEM (standard in development) | Future fallback option | | ML-DSA | Signature | FIPS 204 | General-purpose digital signatures | | SLH-DSA | Signature | FIPS 205 | Stateless fallback signature scheme | | LMS/XMSS | Signature | SP 800-208 | Firmware signing; long-lived trust anchors | | FN-DSA | Signature | Under evaluation | Potential future addition | ## What is the role of hybrid cryptography in current standards? Most organizations won't flip a switch and go fully post-quantum overnight. That's where hybrid cryptography comes in. Hybrid cryptography combines classical and post-quantum algorithms. The goal is resilience: even if one algorithm is later broken, the other still provides security. That makes hybrids a useful transitional tool during migration. ![Chart titled 'Why organizations are turning to hybrid cryptography' divided into four colored quadrants surrounding a central circular icon with an abstract network symbol. The top left orange box is labeled 'Redundancy \& resilience' with the text 'Remains secure if one algorithm fails or is broken.' The top right blue box reads 'Migration readiness' with the text 'Enables a gradual shift toward post-quantum cryptography.' The bottom left light blue box is labeled 'Interoperability' with the text 'Bridges classical and post-quantum systems without disruption.' The bottom right teal box reads 'Protection from harvest now, decrypt later' with the text 'Keeps sensitive data secure against future quantum decryption.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/pqc-standards/Why-organizations-are-turning-to-hybrid-cryptography.png "Chart titled 'Why organizations are turning to hybrid cryptography' divided into four colored quadrants surrounding a central circular icon with an abstract network symbol. The top left orange box is labeled 'Redundancy & resilience' with the text 'Remains secure if one algorithm fails or is broken.' The top right blue box reads 'Migration readiness' with the text 'Enables a gradual shift toward post-quantum cryptography.' The bottom left light blue box is labeled 'Interoperability' with the text 'Bridges classical and post-quantum systems without disruption.' The bottom right teal box reads 'Protection from harvest now, decrypt later' with the text 'Keeps sensitive data secure against future quantum decryption.'") But regional policies vary: * NIST permits hybrid key exchange using schemes like ML-KEM + X25519, but it doesn't yet support hybrid signatures. * Meanwhile, other authorities---especially in Europe---recommend hybrid adoption as a practical interim step. Some even encourage hybrid TLS deployments now. Here's how different regions approach hybrid cryptography: | Regional positions on hybrid cryptography | |-------------------------------------------| | Region | Policy stance | |------------------------------|-----------------------------------------------------------| | **U.S. (CNSA 2.0)** | Allowed for key exchange only; discouraged for signatures | | **UK (NCSC)** | Permitted as interim for both KEM and signatures | | **EU (ETSI, EU Commission)** | Recommended during migration | | **Germany (BSI)** | Endorsed with caution | | **France (ANSSI)** | Supports both hybrid KEM and signatures | | **Canada (CCCS)** | Neutral stance | | **Australia (ASD)** | Discourages hybrid long-term use | Hybrid crypto is a bridge. Not a destination. The goal remains full PQC adoption. But in the meantime, it helps reduce risk, preserve interoperability, and give implementers time to transition. | ***Further reading:** [What Is Hybrid Cryptography? | The Bridge to Post-Quantum Security](https://www.paloaltonetworks.com/cyberpedia/what-is-hybrid-cryptography)* ## What is the timeline for PQC adoption? ![Chart titled 'Global quantum readiness timelines'. A horizontal infographic compares post-quantum cryptography migration milestones for the USA, UK, and EU, each shown with a colored country silhouette and vertical timeline. Under a bold heading, text reads 'Governments worldwide are converging on quantum migration milestones targeting full PQC implementation by the mid-2030s' with a subheading explaining that timelines differ in pace but are coordinated through aligned standards and mandates. On the left, a dark-blue map of the United States labeled 'USA (NSM-10 / NIST / CISA)' lists milestones: 2024, NIST finalizes FIPS 203 (ML-KEM), 204 (ML-DSA), and 205 (SLH-DSA); 2025–2027, agencies inventory cryptographic systems and submit migration roadmaps; 2030, early PQC deployment in federal systems; and 2035, full migration across federal infrastructure. Centered, a light-blue outline of the United Kingdom labeled 'UK (UK NCSC)' shows milestones: 2028, complete cryptographic discovery and migration planning; 2031, begin early migrations across government and key sectors; and 2035, full transition across systems and supply chains. On the right, a navy-blue map of Europe labeled 'EU (ENISA / ETSI)' lists milestones: 2025–2027, Member States adopt NIST-aligned algorithms; 2030, harmonization of standards across critical sectors; and 2035, EU-wide interoperability of quantum-safe encryption. Notes appear beneath each column indicating NSM-10 establishes phased U.S. milestones, the UK is aligned with U.S. targets, and ENISA emphasizes cross-border consistency and shared infrastructure security.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/pqc-standards/Global-quantum-readiness-timelines.png) PQC adoption isn't theoretical anymore. It's underway. Standards are only part of the equation. Timelines drive urgency. And while some deadlines are fixed, others are only guidelines. Understanding who's mandating what, and when, is key to staying ahead of compliance risk. | PQC standardization and migration timeline | |--------------------------------------------| | Milestone | Year | Who | |---------------------------------------------------|------------|------------------------| | First PQC algorithms selected for standardization | 2022 | NIST | | First FIPS finalized (203--205) | 2024 | NIST | | CNSA 2.0 migration begins | 2025 | NSA | | Final NIST KEM recommendations (SP 800-227) | 2025--2026 | NIST | | Hybrid TLS deployment expands | 2025+ | Global (IETF, vendors) | | Recommended deprecation of classical PKC | 2030 | NIST, ASD | | Classical algorithms disallowed in NSS | 2035 | CNSA 2.0 | **The U.S.** has the clearest deadlines. CNSA 2.0 sets a hard requirement: pure post-quantum algorithms must be in place by 2035 for national security systems. The initial migration is already underway for key exchange and firmware signing. **Australia** follows a similar path. ASD recommends eliminating classical public-key crypto by 2030. **Europe** is moving, but less rigidly. ETSI encourages hybrid adoption and full PQC integration by 2035, but doesn't enforce exact cutoff dates ***Note:*** *Even when timelines are labeled as recommendations, major vendors---including cloud providers, security platforms, and software and hardware companies that implement cryptography---often treat them as deadlines. Which means most organizations will feel the pressure well before enforcement begins.* | ***Further reading:** [What Is Q-Day, and How Far Away Is It---Really?](https://www.paloaltonetworks.com/cyberpedia/what-is-q-day)* ## What should organizations do now to stay compliant? ![Bold black text at the top reads 'PQC readiness checklist: 5 steps to stay compliant.' A vertical line runs down the center with five green check-mark circles placed along it, each corresponding to paired text blocks on the left and right. On the right side, the top item is titled 'Inventory cryptographic assets' in dark green, with smaller text describing mapping all crypto in use across systems and devices, followed by a gray pill-shaped label reading 'Refer to: NIST SP 800-175B.' The second right-side item is titled 'Enable crypto-agility' with text advising avoidance of hardcoded algorithms and building flexibility to swap crypto components, accompanied by a gray label reading 'Refer to: SP 800-131A Rev. 3 (draft).' The third right-side item reads 'Check regional guidance' with details about varying regulations across international bodies and a gray label reading 'Refer to: Regional guidance.' On the left side, the top item is titled 'Map assets to affected protocols' with text identifying where public-key crypto is used and a gray label reading 'Refer to: SP 800-175B, SP 800-131A Rev. 2.' The middle-left item is titled 'Test hybrid deployments' with text suggesting trial use of ML-KEM or ML-DSA combinations and a gray label reading 'Refer to: SP 800-56C Rev. 2, RFC 9794.' All text is arranged in alternating left-right alignment along the central column of check-mark icons.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/pqc-standards/PQC-readiness-checklist.png "Bold black text at the top reads 'PQC readiness checklist: 5 steps to stay compliant.' A vertical line runs down the center with five green check-mark circles placed along it, each corresponding to paired text blocks on the left and right. On the right side, the top item is titled 'Inventory cryptographic assets' in dark green, with smaller text describing mapping all crypto in use across systems and devices, followed by a gray pill-shaped label reading 'Refer to: NIST SP 800-175B.' The second right-side item is titled 'Enable crypto-agility' with text advising avoidance of hardcoded algorithms and building flexibility to swap crypto components, accompanied by a gray label reading 'Refer to: SP 800-131A Rev. 3 (draft).' The third right-side item reads 'Check regional guidance' with details about varying regulations across international bodies and a gray label reading 'Refer to: Regional guidance.' On the left side, the top item is titled 'Map assets to affected protocols' with text identifying where public-key crypto is used and a gray label reading 'Refer to: SP 800-175B, SP 800-131A Rev. 2.' The middle-left item is titled 'Test hybrid deployments' with text suggesting trial use of ML-KEM or ML-DSA combinations and a gray label reading 'Refer to: SP 800-56C Rev. 2, RFC 9794.' All text is arranged in alternating left-right alignment along the central column of check-mark icons.") Standards are finalized. Timelines are published. Which means: the pressure is on. Organizations need to act before migration bottlenecks, audit gaps, or vendor lag create risk exposure. Here's what to prioritize now: 1. **Inventory your cryptographic assets** You can't replace what you haven't mapped. Start by identifying all systems, protocols, and libraries that use cryptography. Especially in TLS endpoints, [VPNs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-vpn), email systems, and embedded firmware. **Refer to:** NIST SP 800-175B 2. **Map assets to affected protocols** Focus on the protocols most at risk: TLS, IKE, S/MIME, and code signing. These depend on public-key cryptography, which quantum computers will break first. **Refer to:** NIST SP 800-175B, SP 800-131A Rev. 2 3. **Enable crypto-agility wherever possible** Hardcoded algorithms will slow your migration. Design systems to support swapping cryptographic components without rewriting application logic. **Refer to:** NIST SP 800-131A Rev. 3 (draft) 4. **Start testing ML-KEM and ML-DSA in hybrid deployments** Don't wait for production deadlines. Hybrid combinations like ML-KEM + X25519 or ML-DSA with fallback can help validate early compatibility. **Refer to:** SP 800-56C Rev. 2, RFC 9794 5. **Monitor your local authority's guidance** Each country's path looks different. Check BSI, ANSSI, CCCS, ASD, and others for region-specific requirements that may go beyond NIST. **Refer to:** Regional guidance (BSI, ANSSI, ASD, CCCS, etc.) Staying compliant with PQC standards isn't just about paperwork. It's about building resilience before timelines harden and options disappear. | ***Further reading:*** * [*Quantum Readiness: What It Means and How to Achieve It*](https://www.paloaltonetworks.com/cyberpedia/quantum-readiness) * [*Cryptographic Agility: The Key to Quantum Readiness*](https://www.paloaltonetworks.com/cyberpedia/what-is-cryptographic-agility) ![Quantum assessment icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-quantum-security/icon-quantum-readiness.svg) Get your quantum readiness assessment The assessment includes: * Overview of your cryptographic landscape * Quantum-safe deployment recommendations * Guidance for securing legacy apps \& infrastructure ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Get my assessment](https://www.paloaltonetworks.com/resources/ebooks/quantum-security#assessment) ## PQC standards FAQs ### What are the standards for PQC? Post-quantum cryptography standards define approved algorithms, deployment methods, validation processes, and compliance requirements. Key standards include FIPS 203--205, SP 800‑208, SP 800‑227, ISO/IEC 23837-1, ETSI TS 103 744, and RFC 9794. ### What is PQC readiness? PQC readiness refers to an organization's preparedness to adopt post-quantum cryptography. It includes asset discovery, protocol mapping, crypto-agility, hybrid testing, and alignment with applicable standards and timelines. ### What are the official standards for post-quantum cryptography? Official PQC standards include FIPS 203 (ML‑KEM), FIPS 204 (ML‑DSA), FIPS 205 (SLH‑DSA), and SP 800‑208 (LMS/XMSS), plus guidance like SP 800‑227 and hybrid-focused documents such as RFC 9794 and ETSI TS 103 744. ### When do organizations need to comply with PQC standards? CNSA 2.0 requires pure post-quantum algorithms by 2035 for U.S. national security systems. Australia targets 2030. Other regions recommend hybrid use or offer voluntary guidance, but major vendors are moving sooner. ### Which algorithms are approved under PQC standards? Standardized algorithms include ML‑KEM (FIPS 203), ML‑DSA (FIPS 204), SLH‑DSA (FIPS 205), and LMS/XMSS (SP 800‑208). FN‑DSA and HQC are under development. FrodoKEM and Classic McEliece are regionally accepted in some countries. ### Are hybrid cryptography standards part of PQC? Yes. Hybrid standards like SP 800‑56C Rev. 2 and RFC 9794 define how to combine classical and post-quantum algorithms. Adoption varies globally, with some regions encouraging hybrids and others discouraging them. ### Do PQC standards vary by country or region? Yes. NIST, BSI, ANSSI, ASD, and other agencies differ on algorithms, parameter sets, and hybrid use. ML‑KEM is broadly accepted, but signature and policy preferences vary, requiring region-specific compliance. Related content [YouTube playlist: A CISO's Guide to Quantum Security Binge a 6-video series breaking down why quantum computing is closer than you think but not as difficult.](https://www.youtube.com/playlist?list=PLqATPiC_Bcl8ZGx_EAxQHq0PKa2ii6pNE) [Podcast: Threat Vector | Is the Quantum Threat Closer Than You Think? Hear how to start your transition to quantum-resistant cryptography now.](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-is-the-quantum-threat-closer-than-you-think) [Podcast: Packet Pushers | The Why and How of Making Your Infrastructure Quantum-Safe Get the facts on making your organization post-quantum safe.](https://packetpushers.net/podcasts/heavy-networking/hn796-the-why-and-how-of-making-your-infrastructure-quantum-safe-sponsored/) [Interactive experience: Is Your Organization Ready for a Quantum-Safe Future? Dive into an immersive overview on quantum threats, PQC, and NIST's new standards.](https://www.paloaltonetworks.com/resources/ebooks/quantum-security) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=A%20Complete%20Guide%20to%20Post-Quantum%20Cryptography%20Standards&body=PQC%20standards%20define%20approved%20post-quantum%20algorithms%2C%20how%20to%20implement%20them%2C%20and%20the%20requirements%20for%20secure%20deployment.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/pqc-standards) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language