GSA and Post-Quantum Cryptography: Enabling a Secure Federal Future

Introduction: Supporting Agencies in the Quantum Transition

The General Services Administration (GSA) is committed to helping agencies securely navigate the shift to post-quantum cryptography (PQC). With quantum computing advancing rapidly, the threat to traditional encryption methods is no longer theoretical. Agencies must begin preparing now to safeguard sensitive data against future quantum-enabled decryption capabilities.

GSA supports this effort by offering trusted, compliant acquisition pathways and technical guidance. Our IT contract portfolio includes proven solutions that agencies can use to inventory, assess, and modernize their cryptographic systems. This approach supports federal mandates such as the Quantum Computing Cybersecurity Preparedness Act, Executive Orders 14028 and 13800, and OMB Memorandum M-23-02.

Join Us: PQC Transition Webinar on June 11

On June 11, 2025, from 1–2 p.m. EST, GSA will host a free, virtual webinar titled “Post-Quantum Cryptography Transition: Getting Started with Inventory and Assessment.” This session is designed to help agencies begin their quantum readiness journey. Technical experts will explore cryptoagility and compliance standards, while GSA acquisition professionals will walk through how to leverage specific contract options for your agency’s needs. Attendees will earn one Continuous Learning Point. To register, visit gsa.gov/events.

Where GSA Fits In

GSA provides a range of acquisition vehicles that support PQC planning and implementation. Through the Multiple Award Schedule – IT Category, agencies can access pre-vetted vendors for cryptographic solutions and modernization support. The Highly Adaptive Cybersecurity Services (HACS) SIN connects agencies with qualified cybersecurity experts. The Managed Security Service (MSS) offering in the Enterprise Infrastructure Solutions (EIS) contract is a comprehensive service designed to safeguard an agency’s IT assets offering a range of capabilities, including inventory of critical systems and data, assessment of the current system environment, development of transition and maintenance plans, and implementation and maintenance of PQC.

Agencies also benefit from our Governmentwide Acquisition Contracts, such as Alliant 2 and 8(a) STARS III, which support secure software development, risk mitigation, and integration of quantum-safe technologies. For market research and procurement planning, GSA’s Market Research as a Service (MRAS) provides rapid access to vendor capabilities and comparative insights.

Getting Started with Inventory and Assessment

The most important first step in the PQC transition is understanding your current cryptographic footprint. Agencies should begin by conducting a full inventory of systems using vulnerable encryption algorithms. This includes identifying where encryption is used, the types of cryptographic protocols in play, and the sensitivity of the protected data.

GSA’s contracts can support this work by providing access to technical specialists, tools, and managed services. Our goal is to ensure agencies can move from assessment to action quickly and with confidence.

Preparing for the Future

As we look ahead, GSA is focused on enabling secure, scalable, and standards-aligned solutions. We’re actively engaging industry and government partners to encourage the growth of the post-quantum cryptography marketplace and ensure our offerings evolve to meet agency needs.

PQC readiness isn’t just a compliance task—it’s a national security imperative. With the right support and acquisition strategy, agencies can take meaningful steps now to prepare for the quantum future.

Take Action Today

GSA is your partner in building a resilient, quantum-ready federal enterprise. To learn more, register to attend our June 11 PQC webinar.  For assistance with your agency’s IT acquisition strategy, contact GSA’s IT Customer Service Center at itcsc@gsa.gov or 855-482-4348.