In April 2025, the U.S. National Institute of Standards and Technology (NIST) published a new white paper titled “Crypto Agility: Considerations for Migrating to Post-Quantum Cryptographic Algorithms”.
With this publication, NIST provides important guidance for companies, public authorities, and infrastructure operators seeking to prepare their cryptographic systems for future requirements—particularly for post-quantum cryptography (PQC).
The core message of the document: Crypto agility is no longer an optional design goal, but an operational necessity. Only those who can flexibly and reliably replace cryptographic components such as algorithms, keys, and protocols will be able to respond quickly to new threats or standards when the need arises.
Key recommendations in the NIST paper include
- establishing a comprehensive cryptographic inventory,
- introducing clear responsibilities and structured processes, and
- gradually preparing for the integration of quantum-resistant algorithms.
The paper emphasizes that systems being developed or modernized today should already be designed with agility and interchangeability in mind—especially in view of long product lifecycles in industrial environments or critical infrastructure.
This document provides not only technical guidance, but also sets international reference points for building future-proof cryptographic architectures.
Companies do not have to face this challenge alone. Specialized tools can offer targeted support:
essendi cd helps organizations build a cryptographic inventory through automated discovery and analysis of all certificates and cryptographic assets. In combination with essendi xc, certificate processes can also be automated—from issuance to renewal—enabling greater transparency, control, and real crypto agility.