NIST publishes draft CSWP 48 mapping PQC migration capabilities to its risk frameworks
On 2025-09-18 NIST's National Cybersecurity Center of Excellence released the initial public draft of Cybersecurity White Paper 48, 'Mappings of Migration to PQC Project Capabilities to Risk Framework Documents,' aligning post-quantum-cryptography migration practices with the Cybersecurity Framework 2.0 and SP 800-53 controls. The document is guidance, not a binding mandate or finalized standard, and was open for public comment through 2025-10-20.
PQC migration guidance is load-bearing for the CISO audience because it links quantum-safe transition to established risk-management controls, but as a draft white paper it is the guidance end of the binding spectrum, below a standard or mandate.
Mapping PQC migration into CSF 2.0 and 800-53 lowers the planning barrier for enterprises and could accelerate procurement timelines for PQC products from vendors such as SEALSQ and SandboxAQ.