NIST publishes first three post-quantum cryptography standards (FIPS 203/204/205)

What happened

On August 13, 2024, NIST formally published the first three post-quantum cryptography (PQC) standards from the eight-year selection process kicked off in 2016:

• FIPS 203, ML-KEM (Module-Lattice Key-Encapsulation Mechanism, derived from CRYSTALS-Kyber). The replacement for ECDHE / RSA key exchange.
• FIPS 204, ML-DSA (Module-Lattice Digital Signature Algorithm, derived from CRYSTALS-Dilithium). The general-purpose replacement for ECDSA / RSA signatures.
• FIPS 205, SLH-DSA (Stateless Hash-based Digital Signature Algorithm, derived from SPHINCS+). A conservative hash-based signature for cases where lattice security is undesirable.

A fourth signature algorithm (FN-DSA, derived from Falcon) was expected to follow in 2025.

Why it matters for CIAM

The headline "harvest-now, decrypt-later" risk is most acute for long-lived encrypted ciphertext (signed configuration, archived audit logs, regulated long-retention data). For CIAM specifically, the migration urgency is concentrated on:

• TLS to the browser, fronted by major CDNs (Cloudflare, Akamai, Fastly), most of which had hybrid X25519+ML-KEM in production by late 2024. CIAM behind these CDNs got post-quantum TLS for free.
• Signed assertions (SAML, JWT), short-lived tokens are not the urgent migration; long-lived signed federation metadata and audit attestations are.
• WebAuthn / passkey signatures, theoretically PQ-vulnerable but the attack model (per-RP, used at sign-in time only) doesn't carry the harvest-and-decrypt risk that key exchange does.

Practical 2026 posture for most CIAM teams: track vendor PQC roadmaps, verify TLS coverage at the CDN edge, inventory long-lived signed artifacts. See the post-quantum cryptography for auth guide for the full framework.