NSA Commercial National Security Algorithm Suite 2.0
- Issuer
- National Security Agency(NSA)
- Effective date
- Sep 7, 2022
- Published date
- Sep 7, 2022
- Full text
- View full text →
Summary
NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates transition timelines for National Security Systems (NSS) to post-quantum cryptographic algorithms. It supersedes CNSA 1.0 and establishes ML-KEM and ML-DSA as the required algorithms for NSS, with phased adoption milestones across firmware, software, and network equipment. The 2025 software and firmware deadline has passed; NSS networking equipment transitions are now active.
Milestones (3)
| Deadline | Label | Type | Hard | Notes |
|---|---|---|---|---|
| OVERDUEJan 1, 2025 | Software & Firmware: Begin PQC adoption | Begin Migration | NSS software and firmware must begin incorporating CNSA 2.0 algorithms. Deadline passed January 2025. | |
| OVERDUEJan 1, 2026 | Networking Equipment: Begin PQC adoption | Begin Migration | NSS networking equipment must begin CNSA 2.0 transition. Deadline passed January 2026. | |
| Jan 1, 2033 | All NSS: Full CNSA 2.0 compliance | Full Compliance | All National Security Systems must exclusively use CNSA 2.0 algorithms by 2033. |
Algorithm references (5)
- ML-KEMFIPS 203Required
Replaces: RSA, ECDH
Required for key establishment in NSS. ML-KEM-1024 mandated for TOP SECRET systems.
- ML-DSAFIPS 204Required
Replaces: RSA, ECDSA
Required for digital signatures in NSS. ML-DSA-87 (level 5) mandated for most applications.
- SLH-DSAFIPS 205Recommended
Replaces: RSA, ECDSA
Acceptable stateless alternative for firmware signing where the hash-based security proof is preferred.
- XMSSSP 800-208Recommended
Replaces: RSA, ECDSA
Approved for firmware and software signing in NSS where stateful operation is carefully managed.
- LMS / HSSSP 800-208Recommended
Replaces: RSA, ECDSA
Approved for firmware and software signing in NSS. Preferred stateful hash-based option for code signing use cases.
PKI Impact
HIGH
PKI Impact
HIGHCNSA 2.0 mandates replacement of RSA and ECDSA in National Security Systems with hard government deadlines, directly forcing re-issuance of all PKI trust anchors and end-entity certificates within scope. The 2025 software/firmware deadline has passed, meaning NSS operators must now demonstrate documented progress.
Migration guidance
- Inventory all X.509 certificates used in NSS environments — TLS endpoints, code-signing certificates, and CA certificates — and map each to its classical algorithm for prioritization.
- Replace ECDSA/RSA certificates with ML-DSA-signed equivalents; ML-DSA-87 (security level 5) is mandated for most NSS applications.
- Re-key Root CAs with ML-DSA key pairs and distribute updated trust anchors to all NSS endpoints before issuing subordinate PQC certificates.
- For firmware and software signing, evaluate LMS/HSS (NSA preferred) or SLH-DSA; implement stateful key management infrastructure before deploying LMS.
Trust chain considerations
- Root CAs operating in NSS must be re-keyed with ML-DSA; any existing ECDSA or RSA root will be non-compliant when the 2033 full-compliance deadline arrives.
- Intermediate and subordinate CAs must be re-issued under the new PQC root trust anchors — a cascading re-issuance of the entire subordinate hierarchy is required.
Changelog (4)
| Date | Type | Description |
|---|---|---|
| Jan 15, 2026 | Status | NSA confirmed CNSA 2.0 timelines remain in effect. The January 2025 software/firmware Begin Migration deadline passed; NSA noted that National Security System operators are expected to show documented progress toward CNSA 2.0 adoption. |
| Jan 1, 2026 | Status | Networking equipment BEGIN_MIGRATION deadline reached. NSS network equipment vendors required to have begun CNSA 2.0 transition. |
| Jan 1, 2025 | Status | Software and firmware BEGIN_MIGRATION deadline reached. NSS software and firmware vendors required to have begun CNSA 2.0 algorithm integration. |
| Sep 7, 2022 | New | CNSA 2.0 published, superseding CNSA 1.0. Introduced PQC algorithm requirements and transition timelines for NSS. |
Issuer
National Security AgencyNSA
Type: GOVERNMENT
Region: US