The Pentagon is preparing to make its defense contractors adopt encryption designed to withstand future quantum computers, according to DefenseScoop.
The outlet reports that the Defense Department wants to fold post-quantum cryptography, or PQC, requirements into its Cybersecurity Maturity Model Certification program, known as CMMC. That program sets the cybersecurity standards companies must meet to win and keep defense contracts, so building PQC into it would effectively push the requirement across the department's industrial base.
Post-quantum cryptography refers to a new generation of encryption meant to resist attacks from quantum computers, which are expected to eventually break much of the encryption that protects sensitive data today. The concern driving the effort is that adversaries could steal encrypted information now and decrypt it later once the technology matures.
But DefenseScoop notes a significant catch. Experts warn that both industry and the underlying technology are far from ready, suggesting the directive may run ahead of what contractors can realistically implement in the near term.
The report frames this as a tension between urgency and readiness: the department sees a looming security threat, while the companies expected to comply, and the tools they would rely on, are still catching up.
Why it matters: how the Pentagon phases in these rules will shape the cost, timeline, and cyber defenses of the thousands of companies that handle sensitive U.S. defense data.