If you’re keeping up with post-quantum cryptography (PQC), here’s some big news: The U.S. National Institute of Standards and Technology (NIST) has released a fresh initial public draft of a Cybersecurity Whitepaper titled Considerations for Achieving Crypto-Agility. This whitepaper tackles the real-world challenges and trade-offs involved in cryptographic transitions and discusses key strategies for achieving crypto-agility—critical for PQC readiness.

The paper is meant to serve as pre-reading material for an upcoming NIST virtual workshop, where the cryptographic community will discuss crypto-agility considerations and shape the final version.

So, who should care about this? Pretty much anyone involved in cybersecurity—product and protocol designers, standards creators, software and hardware developers, security practitioners, IT admins, and policymakers. With NIST previously announcing aggressive timelines for PQC readiness, crypto-agility is a must, and this is your playbook to get to it.

The whitepaper breaks down crypto-agility in a way that’s easier to understand and implement. If you are short on time, here are the key highlights from the report that you need to know:

Jump right to the section that matters most to you:

1. First, what exactly is crypto-agility?
2. Why do these cryptographic transitions take so long?
3. Making security protocols crypto-agile
4. Building crypto-agility for applications
4. Key trade-offs and areas for improvement

1. First, What Exactly Is Crypto-Agility?

NIST defines cryptographic agility (crypto-agility) as the “capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, and infrastructures without interrupting the flow of a running system in order to achieve resiliency.”

Earlier, NIST saw crypto-agility mainly as the ability to select or add new encryption algorithms (in their earlier definitions). But now, they take a broader and more nuanced view. Crypto-agility isn’t just about swapping out old encryption algorithms for something new. It’s about doing it seamlessly without breaking systems or losing compatibility. It involves having systems, protocols, software, and hardware that support multiple cryptographic algorithms and adapt flexibly to new ones as needed. And, because every implementation environment has its own unique considerations, crypto-agility must be adaptable enough to fit each one.

2. Why Do These Cryptographic Transitions Take So Long?

Cryptographic transitions are a necessary part of maintaining security, but they’re rarely smooth or quick. Every shift comes with its own set of challenges, and history proves just how complex these transitions can be.

NIST cites the example of moving from DES to AES to understand the full scope of complexity involved in cryptographic transitions. While AES was officially standardized in 2001, Triple DES wasn’t fully phased out until 2024—that’s over two decades! This highlights a critical reality: cryptographic transitions take time, often much longer than expected. We’ve witnessed the same with the transitions from SHA-1 to SHA-2 and TLS 1.1 to TLS 1.2 to TLS 1.3.

Here are some challenges that NIST identifies as major roadblocks in cryptography migrations:

• Backward compatibility and interoperability: When systems lack crypto-agility, weak algorithms stick around far longer than they should, putting security at risk. For example, despite its weaknesses and deprecation more than a decade ago, the SHA-1 hash function has remained in use for digital signatures due to interoperability and backward compatibility concerns, especially in protocols like TLS. Now, NIST has set a firm deadline: phase out SHA-1 completely by 2030. 
• Frequent Transitions: As computing power increases, so must key sizes to maintain security strength. But here’s the catch—if a device can’t upgrade to a larger key size during its lifetime, it must be replaced. Cryptographic systems that are not designed for future upgrades eventually lead to costly replacements. 
• Performance Impact: Switching to post-quantum algorithms isn’t just about stronger security—it also comes with resource and performance challenges. Many post-quantum algorithms require larger key sizes, signatures, and ciphertexts, which can strain networks, slow down transmissions, and impact encrypt/decrypt use cases.

3. Making Security Protocols Crypto-Agile

According to NIST, crypto-agility is achieved when a security protocol can smoothly transition from one cipher suite to another as needed. To make this possible, NIST suggests that security protocol implementations should be modular, allowing new algorithms to be easily integrated. There should also be a way to track when systems have moved from outdated algorithms to newer ones. With cryptographic standards constantly evolving, protocols must be built for flexibility—ensuring long-term security and interoperability.

NIST takes a hard look at current cryptographic practices and offers key recommendations to enhance crypto-agility in protocols:

• Clear Algorithm Identifiers: Protocol designers should use clear cipher suite or algorithm identifiers for algorithm identification to enable smoother transitions.
• Proactive Updates: Standards Developing Organizations (SDOs) must update mandatory-to-implement algorithms before they become too weak—without altering core protocols—to prevent security risks.
• Firm Deadlines: Organizations need to set strict timelines for retiring outdated algorithms, while groups like IETF and NIST should help coordinate transitions to maintain interoperability.
• Hybrid Cryptography: Despite its challenges, using hybrid algorithms that combine traditional and post-quantum cryptography (PQC) methods is essential for maintaining security and testing crypto-agility in evolving protocols.
• Balancing Security and Simplicity: Cipher suites should maintain consistent security strength across all algorithms while balancing performance. At the same time, simplifying protocol design reduces risks, streamlines testing, and ensures seamless cryptographic transitions.

4. Building Crypto-Agility for Applications

Crypto APIs help separate cryptographic algorithms from application logic, allowing applications to focus on their core features while cryptographic libraries handle encryption, signatures, hashing, and key establishment.

Crypto APIs simplify transitions between algorithms by letting applications make the same crypto API calls to either of the algorithms. To enable crypto-agility, NIST urges system designers to build flexible mechanisms that make replacing algorithms in software, hardware, and infrastructures easier. However, these mechanisms must be easy to use, well-documented, and backed by clear guidance to avoid complexity and implementation errors.

NIST also explores in detail a few use cases for using crypto APIs, such as:

• Using an API in a crypto library application
• Using APIs in the operating system kernel
• Hardware-based cryptography

5. Key Trade-Offs and Areas for Improvement

NIST views achieving crypto-agility as a collaborative effort among cryptographers, developers, implementers, and practitioners. For crypto-agility to be effective, security requirements must be specific for each implementation and application environment. NIST explores this by examining key trade-offs and identifying critical areas for future development. A few highlighted areas include:

• Resource Considerations

Crypto-agility is challenging due to resource constraints. Protocol designers must plan for future transitions with resource capacity in mind, hardware implementers must optimize with accelerators, and cryptographers must design algorithms that share subroutines. A fresh approach is needed to balance agility and efficiency.

• Agility-Aware Design

Crypto APIs make it easy to swap out vulnerable algorithms, but kernel-locked cryptographic functions make updates harder. NIST recommends enhancing API support within kernels and designing adaptable UIs, APIs, and system configurations that can improve crypto-agility.

• Maturity Assessment for Crypto-Agility

NIST highlights the need for a crypto-agility maturity model that can help organizations assess their readiness for cryptographic transitions. A concrete maturity model could drive adoption and improve resilience against evolving cryptographic threats. 

• Crypto-Agility Strategic Plan for Managing Crypto Risks

To help organizations continuously update their cryptographic systems to address emerging threats, technological shifts, and regulatory changes, NIST proposes a crypto-agility strategic plan. This plan involves: 

• • Strong Governance: Embedding crypto-agility into cybersecurity policies, ensuring clear communication of standards and risks for all stakeholders.
  • Asset Inventory: Identifying and tracking cryptographic usage across applications, software, hardware, and communication protocols.
  • Automation: Automating the identification, assessment, characterization, enforcement, and monitoring of crypto use across the assets. 
  • Risk-Based Prioritization: Mitigating weak cryptography first, guided by data-driven risk assessments.
  • Execution and Migration: Implement a strategy to transition assets smoothly or apply mitigation techniques for non-agile systems.

Through an in-depth exploration of the challenges within existing systems and the various new strategies organizations can adopt, NIST has established a solid roadmap for achieving crypto-agility. One thing is clear – the future of security depends on crypto-agility. The smartest move now is to take action, prepare for PQC migration, and future-proof your systems for the quantum era.

Is your PKI and certificate infrastructure ready for the shift? AppViewX AVX ONE CLM simplifies crypto-agility with end-to-end certificate lifecycle management, giving you comprehensive visibility, closed-loop automation, and complete policy control—all in one powerful solution.

Explore AVX ONE CLM or talk to one of our experts today to get started!

*** This is a Security Bloggers Network syndicated blog from AppViewX authored by Krupa Patil. Read the original post at: https://www.appviewx.com/blogs/nist-releases-new-report-on-crypto-agility-what-you-need-to-know-now/