It would be easy to read the headlines about post-quantum cryptography (PQC) and conclude that the path forward is now clear.the work is finished. NIST has published its first post-quantum standards, the algorithms have names, and vendors are beginning to ship support. But NIST’s recent decision to advance another set of digital signature candidates into a further round of evaluation tells highlights a more important storydifferent reality: post-quantum cryptography is not a finish line you cross once. It is an ongoing process, and the way you organizations prepare for that evolution matters more than the specific algorithm they deploy today.
it matters more than which algorithm you happen to pick today.
For enterprises, that distinction is everythingcritical. The organizations that treat PQC as a one-time swap will find themselves redoing the work every time the standards evolve. The ones that build for adaptability will absorb each change as routine. This blog explains what NIST’s continued evaluation actually means, why it points squarely at crypto-agility as the real enterprise challenge, and how to prepare accordingly.
What NIST Actually Did
NIST has advanced selected a group of additional post-quantum digital signature candidates into the third round of its Additional Digital Signatures evaluation. As of May 14, 2026, NIST advanced nine candidates to this round (per NIST IR 8610), part of a standardization effort that began years ago and is still very much in motion. These candidate algorithms are not meant to replace the signature standards NIST has already finalized. They are intended to augment them, expanding the menu portfolio of approved options algorithms over time.
The existing post-quantum signature standards already include FIPS 204 (ML-DSA), the module-lattice-based digital signature standard, and FIPS 205 (SLH_DSA), the stateless hash-based signature standard, alongside FIPS 186-5, which continues to support classical digital signatures, and SP 800-208, which provides recommendations for stateful hash-based signature schemes. The newly advancing candidates would add to this set rather than overturn it.
The reason NIST keeps evaluating more algorithms is deliberate, and it is the most instructive part of the announcement.
Why NIST Wants Cryptographic Diversity
NIST is not adding evaluating algorithms because the existing ones are inadequate. It is doing so to deliberately build cryptographic diversity into the post-quantum ecosystem on purpose. Two of the three selected post-quantum signature algorithms, ML-DSA (FIPS 204) and the forthcoming FN-DSA (FIPS 206), are built on structured lattices. That concentration is efficient, but it creates a shared vulnerability: if a weakness were ever discovered in the lattice approach, a large share of the world’s quantum-resistant signatures in use could be undermined put at risk at once.
By continuing to evaluate algorithms based pursuing additional algorithms built on different mathematical assumptions, NIST is hedging against that scenario. If one family of algorithms develops a vulnerability or an implementation weakness over time, organizations would have alternatives based on entirely different foundations ready to take its place. This is the cryptographic equivalent of not putting all your eggs in one basket.
The practical implication for enterprises is profound. It means the set of algorithms you are expected to support is not fixed. New schemes will become available in the future, some algorithms may eventually be deprecated, and the recommended choices for a given use case may shift. You are not preparing for a single migration to a known endpoint. You are preparing to operate in an environment of continuous cryptographic change.
The Real Challenge Is Crypto-Agility
This is the heart of the matter. For most organizations, the hard difficult part of post-quantum readiness was never going to be choosingis not selecting an algorithm. NIST has done that selection work by standardizing the first set of post-quantum algorithms, and reputable vendors are implementing them results. The hard partreal challenge is operational: being able to update cryptographic systems quickly and consistently across distributed, complex environments, and then being able to do it again when the standards evolve.
That capability has a name: crypto-agility. It is the ability to change the cryptographic algorithms, certificates, protocols, and policies your organization relies on, within a managed framework, without massive rework each time. Crypto-agility is what turns the next algorithm update from a crisis into a configuration change.
Anyone who lived through the SHA-1 deprecation understands how painful large-scale cryptographic transitions can be. Even organizations that saw the change coming struggled, not because they could not understand the new algorithm, but because they had incomplete certificate inventories, manual processes, and inconsistent visibility across their networks and platforms. They could not find everything that needed to change, and they could not change it fast enough.
The post-quantum transition will be considerably more demanding than SHA-1 deprecation, for several reasons. It touches more systems. It will unfold over years rather than months. Organizations will need to run hybrid operated environments where, supporting classical and post-quantum cryptography coexist simultaneously, across applications, certificates, devices, and authentication systems for an extended period. And as NIST’s ongoing work demonstrates, it will not be a single transition but a series of them. On top of all this, certificate lifespans are shrinking at the same time, multiplying the operational load just as the cryptographic complexity increases.
An organization without crypto-agility will experience each of these shifts as a fire drill. An organization with it will adapt smoothly, again and again.
What Crypto-Agility Requires in Practice
Building crypto-agility is not abstract. It rests on a few concrete foundations.
The first is complete visibility. You cannot change what you cannot see, and you cannot adapt cryptography you have not inventoried. That means maintaining a continuously updated inventory of every cryptographic asset across your environment: certificates, keys, the algorithms and key sizes in use, and along with the systems and applications that depend on them. This inventory is the single most important prerequisite for any cryptographic transition, and it is exactly what most organizations lacked during the SHA-1 migration.
The second is automation. When cryptographic change needs to propagate across thousands of certificates and endpoints, manual processes inevitably become slow, inconsistent, and error prone – increasing the likelihood that critical assets are overlooked. Automated lifecycle management, capable of reissuing and redeploying certificates with new algorithms at scale, is what makes a transition executable rather than aspirational.
The third is governance. Crypto-agility requires the ability to define, update, and enforce policy, including approved algorithms, key strengths, and validity periods, consistently across the whole estate, and to update that policy as standards evolve. Without governance, agility becomes chaos.
Together, these foundations let an organization treat a new NIST standard not as a disruption but as an input to a process it already runs well.
How Encryption Consulting Can Help
The lesson of NIST’s continued work is that preparation should center focus on adaptability, not on betting everything on a single algorithm. Encryption Consulting helps organizations build exactly that kind of adaptable, future-ready cryptographic posturereadiness.
The foundation of crypto-agility is knowing what you have, and CBOM Secure is built for precisely that. Our cryptographic discovery and inventory solution continuously identifies the certificates, keys, algorithms, and protocols across your environment and flags which are quantum-vulnerable, producing the cryptographic bill of materials needed to plan and execute a post-quantum migration that any serious PQC transition depends on. It is the visibility layer that organizations wished they had during the SHA-1 deprecation, and it is the starting point for adapting to every signature standard NIST publishes from here forward.
Turning that visibility into an executable plan is the work of our Post-Quantum Cryptographic Advisory Services. We help you assess quantum risk, prioritize systems by data sensitivity and exposure, design a hybrid implementation strategy that supports classical and post-quantum algorithms side by side, and build the governance to evolve as standards mature, so that the next algorithm NIST finalizes becomes a manageable update rather than a scramble.
Because NIST’s latest move concerns digital signatures specifically, the integrity of signed software deserves particular attention. CodeSign Secure protects code signing keys and enforces signing workflows, positioning your software supply chain to adopt quantum-resistant signature algorithms as they become available. And as quantum-resistant certificates require reissuance across your estate, CertSecure Manager provides the automated certificate lifecycle management, discovery, renewal, and policy enforcement, that makes large-scale cryptographic transitions practical rather than overwhelming.
Whether you are building your first cryptographic inventory or designing a long-term crypto-agility strategy, Encryption Consulting can help you prepare for a future in which cryptographic standards keep evolving. Get in touch to start building your post-quantum readiness.
Conclusion
NIST’s decision to continue evaluating additional post-quantum signature candidates is not a sign that today’s standards are inadequate. It reflects a broader reality: cryptography is no longer something organizations modernize once and leave unchanged. It is an evolving discipline that adapts to new research, new threats, and new operational requirements. NIST’s deliberate pursuit of cryptographic diversity means enterprises should expect cryptographic standards and implementation guidance to continue evolving for years to come.
That reality reframes what post-quantum readiness means. The objective is not to select the perfect algorithm today. It is to build an organization that can adopt new algorithms, updated standards, and evolving guidance quickly and consistently across its entire environment. That is crypto-agility, and it depends on visibility, automation, and governance.
Organizations that build those capabilities will treat future cryptographic change as a routine operational process rather than a disruptive migration project. Those that do not risk repeating the challenges of past cryptographic transitions, with greater complexity and higher stakes. NIST has made its direction clear. The question is whether your cryptographic operations are prepared to evolve with it.
