H.R. 3259

119th CONGRESS 1st Session

To amend the National Quantum Initiative Act and the Cyber Security Research and Development Act to advance the rapid deployment of post quantum cybersecurity standards across the United States economy, support United States cryptography research, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES · May 7, 2025 · Sponsor: Ms. Stevens · Committee: Committee on Science, Space, and Technology

Table of contents

• H.R. 3259
  • SEC. 1. Short title
  • SEC. 2. NIST cryptography programs and NSF cryptography research

SEC. 1. Short title

• This Act may be cited as the Post Quantum Cybersecurity Standards Act.

SEC. 2. NIST cryptography programs and NSF cryptography research

• (a) National Institute of Standards and Technology cryptography programs
  • The National Quantum Initiative Act is amended—
    • in section 2 ()— 15 U.S.C. 8801
      • by redesignating paragraphs (4), (5), (6), (7), the first paragraph (8) (relating to the definition of ), and the second paragraph (8) (relating to the definition of ) as paragraphs (5), (7), (8), (9), (11), and (12), respectively; Subcommittee on Economic and Security Implications Subcommittee on Quantum Information Science
        • (4) Critical infrastructure
          • The term critical infrastructure has the meaning given such term in section 1016(e) of () Public Law 107–56; 42 U.S.C. 5195c(e)
      • by inserting after paragraph (3) the following new paragraph:
      • by inserting after paragraph (5), as so redesignated, the following new paragraph:
        • (6) Post-quantum cryptography
          • The term post-quantum cryptography means those cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a quantum computer or classical computer.
        • (10) Sector risk management agency
          • The term sector risk management agency has the meaning given such term in section 2200 of the Homeland Security Act of 2002 (). 6 U.S.C. 650
      • by inserting after paragraph (9), as so redesignated, the following new paragraph:
    • in section 201 (), by— 15 U.S.C. 8831
      • redesignating subsection (c) as subsection (d); and
        • (c) Post quantum cryptography deployment
          • (1) In general
            • The Director of the National Institute of Standards and Technology, in consultation with the Secretary of Homeland Security and the heads of sector risk management agencies, as appropriate, shall promote the voluntary adoption and deployment of post-quantum cryptography standards, including by—
              • disseminating and making publicly available guidance and resources to help organizations adopt and deploy post-quantum cryptography standards;
              • providing technical assistance, as practicable, to entities that are high risk of quantum cryptoanalytic attacks, such as entities determined to be critical infrastructure or digital infrastructure providers; and
              • conducting such other activities as determined necessary by the Director to promote the adoption and deployment of post-quantum cryptography standards across the United States.
          • (2) Grant program
            • (A) In general
              • Subject to the availability of appropriations and after the date on which the Director of National Institute of Standards and Technology has issued post-quantum cryptography standards under paragraph (1), the Director may establish a program to identify and provide technical assistance through the award of grants to entities that are at high risk of quantum cryptoanalytic attacks, including by granting funds, in adopting such post-quantum cryptographic standards and remediating quantum-related vulnerabilities.
            • (B) Use of funds
              • Grants awarded to entities under this subsection may be used to cover reasonable costs, up to a specified amount established by the Director of the National Institute of Standards and Technology, of activities to adopt post-quantum cryptographic standards and remediate quantum-related vulnerabilities.
            • (C) Guidance
              • The Director of the National Institute of Standards and Technology may develop, and periodically update, guidance, including eligibility, application disclosure requirements, grant amount and duration, and any additional requirements regarding the award of grants under this paragraph.
            • (D) Consultation
              • If the program described in this paragraph is established, the Director of the National Institute of Standards and Technology shall consult with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, the heads of other Sector Specific Agencies and risk management agencies, and appropriate representatives of private sector entities, including nonprofit organizations, to share information regarding the program and guidance developed under subparagraph (C).
      • inserting after subsection (b) the following new subsection:
• (b) National Science Foundation cryptography research
  • Subsection (a)(1)(A) of section 4 of the Cyber Security Research and Development Act () is amended by inserting before the semicolon. 15 U.S.C. 7403