Information Security Officer, Capital One, United States
Quantum computing’s threat to encryption demands urgent migration to post-quantum cryptography (PQC). This session pioneers a roadmap to operationalize quantum-ready defenses by unifying NIST SP 800-53, ISO 27001:2022, and CISA’s Zero Trust frameworks.
Attendees learn to:
Align NIST’s 2024 PQC finalists (ML-KEM, ML-DSA) with ISO 27001’s cryptographic controls and CISA’s crypto-agility mandates.
Prioritize quantum risks via NISTIR 8428 assessments for PKI/IoT/legacy systems.
Automate PQC adoption using liboqs in CI/CD pipelines, compliant with ETSI QSC.
Featuring exclusive data from 15+ industry pilots (Google, NSA, finance), the session debuts a proprietary crosswalk matrix mapping PQC algorithms to compliance controls and an ROI checklist to quantify migration success. Tackling the standards-implementation gap, it equips CISOs/architects to thwart “harvest now, decrypt later” attacks and meet NSM-10 deadlines with metrics-driven strategies.
Learning Objectives:
Apply a proprietary crosswalk matrix to align NIST PQC finalists (e.g., ML-KEM) with ISO 27001:2022 controls and CISA Zero Trust requirements, ensuring compliance while retrofitting hybrid quantum-classical systems.
Implement automated PQC migration in DevOps pipelines using Open Quantum Safe’s liboqs, integrated with ETSI QSC profiles, to achieve crypto-agility without disrupting legacy workflows.
Quantify migration ROI using a metrics-driven checklist, prioritizing high-risk assets (PKI, IoT) via NISTIR 8428 quantum impact assessments and FAIR risk modeling to justify budget allocations.