Skip to main content
Blog

The Department of War’s New PQC Mandate

By December 10, 2025No Comments

What Agencies Must Do Now and How TYCHON Quantum Readiness Delivers

Post-quantum readiness has officially moved from planning to execution.

This week, the Department of War (DoW) CIO issued a new memorandum, Preparing for Migration to Post-Quantum Cryptography, directing departments to accelerate their transition to quantum-resistant cryptography and to immediately identify and inventory all cryptography used across DoW information systems.

This directive aligns with OMB M-23-02, NSM-10, and the Quantum Computing Cybersecurity Preparedness Act, reinforcing a clear requirement: agencies cannot migrate what they cannot see. Comprehensive cryptographic visibility is now foundational to compliance.

 

Meeting the Mandate: Automated Cryptographic Inventory at Enterprise Scale

To comply with the DoW memorandum, agencies must maintain a continuous, defensible inventory of cryptography across highly distributed and heterogeneous environments. TYCHON Quantum Readiness delivers exactly that.

The platform provides automated, continuous discovery of certificates, keys, cipher suites, crypto libraries, and TLS configurations across networks, endpoints, containers, cloud storage, VPNs, and embedded systems. This discovery produces a complete cryptographic baseline and a Cryptographic Bill of Materials (CBOM) that aligns directly with the inventory requirements defined in OMB M-23-02.

Rather than relying on periodic scans or incomplete network visibility, TYCHON Quantum Readiness establishes persistent cryptographic awareness, an essential prerequisite for post-quantum migration.

 

Built Specifically for U.S. Government Post-Quantum Readiness

TYCHON Quantum Readiness is purpose-built to support U.S. Government agencies as they prepare for the transition to post-quantum cryptography. It identifies both legacy and at-risk cryptographic implementations alongside modern configurations, including TLS 1.3, hybrid PQC deployments, and NIST-approved post-quantum algorithms.

This depth of visibility enables agencies to move beyond discovery and into crypto agility planning, helping teams understand where modernization is required and how to sequence PQC migration without disrupting mission-critical systems.

 

From Inventory to Action: Risk-Based Prioritization

Federal guidance requires more than a static snapshot of cryptographic assets, it demands an understanding of which systems create the greatest operational and security risk.

TYCHON Quantum Readiness continuously scores, ranks, and monitors cryptographic risk, alerting teams to vulnerabilities and changes as they occur. This risk-based approach allows organizations to focus remediation efforts on the systems that matter most, accelerating compliance while reducing mission impact.

 

Flexible Deployment, Seamless Integration, and Lower Cost

Designed for operational reality, TYCHON Quantum Readiness runs as a lightweight, agentless standalone binary with no dependencies. It deploys easily using existing administrative tools such as BigFix, Intune, SCCM, Ansible, and others, minimizing disruption and simplifying lifecycle management.

Data generated by TYCHON can be sent directly to systems agencies already use, including SIEM platforms like Splunk and Elastic, data lakes, and asset management solutions such as ServiceNow, Axonius, and Armis. By leveraging existing infrastructure and tooling, TYCHON delivers low total cost of ownership without requiring new agents, infrastructure, or extensive professional services.

 

Immediate Impact and Compliance-Ready Reporting

TYCHON Quantum Readiness can be deployed and fully operational in a single day, delivering immediate, actionable insights into cryptographic risk and PQC readiness posture.

Results can be exported in JSON, NDJSON, CBOM, or HTML formats, making it easier to support audits, compliance reporting, and executive-level visibility—critical for agencies operating under increasing oversight and reporting requirements.

 

Proven at Scale in Government Environments

TYCHON’s capabilities are not theoretical. The platform has demonstrated unmatched scalability, with a successful deployment across nearly one million Department of War systems worldwide. This real-world validation confirms TYCHON’s ability to operate at the scale and complexity required by large federal enterprises.

 

What’s New: Planning, Modernization, and Expanded Visibility

TYCHON Quantum Readiness now includes a Post-Quantum Readiness Assessment and Modernization Planning feature that helps organizations estimate PQC migration costs with precision. By correlating algorithm risk to system compute capacity and operating systems, agencies can plan modernization efforts strategically and defensibly.

In addition, TYCHON Quantum Readiness will soon be available through a white-label integration with HCL BigFix, extending PQC visibility for BigFix users across enterprise endpoint environments. This integration, launching in early Q1-2026, will support agencies operating millions of endpoints across the Federal Civilian Executive Branch (FCEB) and U.S. Government mission environments.

 

A Defining Moment for Quantum Readiness

The DoW’s new memorandum marks a clear inflection point. Post-quantum migration is no longer a future initiative—it is a present-day requirement. Agencies must act quickly, decisively, and with tools designed for scale, accuracy, and compliance.

Is your organization ready?