Meeting the Federal Quantum Challenge: How F5 Enables Compliance with New Government Mandates
The quantum clock is ticking. Are you ready for Q-Day?
The U.S. government has made it crystal clear: the transition to quantum-resistant encryption isn't optional—it's mandatory. With new federal directives setting aggressive timelines and billion-dollar funding commitments, organizations must act now to prepare for a post-quantum world. Here's how F5's comprehensive post-quantum cryptography (PQC) solutions can help you meet these critical mandates while protecting your business from tomorrow's threats.
The Government Has Spoken: Quantum Mandates Are Here
The Biden administration's recent executive orders and National Security Memorandum 10 (NSM-10) have established an unambiguous federal position on quantum preparedness. The message is urgent: federal agencies must adopt quantum-resistant protocols by 2030, with full quantum risk mitigation targeted for 2035.
Key Federal Requirements Include:
- Immediate inventory mandates: All federal agencies must catalog cryptographic systems and identify quantum-vulnerable assets
- Procurement requirements: Within 90 days, agencies must mandate PQC support in all government-related technology acquisitions
- Timeline pressure: Preliminary steps required within months, full adoption by 2030
- Massive funding: Congress is considering $1.8-2.7 billion in quantum research and development over five years
But here's the critical insight: these aren't just government problems. Any organization working with federal agencies, handling sensitive data, or operating critical infrastructure will soon face similar requirements.
The "Harvest Now, Decrypt Later" Reality
While quantum computers powerful enough to break current encryption don't exist yet, threat actors aren't waiting. They're actively capturing encrypted data today with plans to decrypt it once quantum capabilities emerge—a strategy cybersecurity experts call "harvest now, decrypt later."
The implications are sobering:
- Your encrypted data from today could be vulnerable within 5-10 years
- Long-lived sensitive information (financial records, healthcare data, intellectual property) faces the greatest risk
- Compliance frameworks are rapidly evolving to address quantum threats
According to Gartner's assessment: "Advances in quantum computing will make asymmetric cryptography unsafe by 2029. By 2034, asymmetric cryptography will be fully breakable with quantum computing technologies."
F5's Quantum-Ready Response: Beyond Compliance to Competitive Advantage
F5 has been anticipating this moment. Our comprehensive post-quantum cryptography solutions, integrated into the F5 Application Delivery and Security Platform (ADSP), don't just check compliance boxes—they position your organization for success in the quantum era.
NIST-Standardized Protection That Works Today
The National Institute of Standards and Technology (NIST) has standardized several post-quantum cryptographic algorithms designed to withstand both classical and quantum attacks. TMOS 17.5.1 implements ML-KEM (FIPS 203). While based on the original CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms, the standardized versions include important parameter adjustments and implementation requirements that ensure long-term interoperability.
You can deploy quantum-safe algorithms on a BIG-IP today.
How to Enable Quantum-Safe Ciphers on a BIG-IP
The National Institute of Standards and Technology (NIST) has standardized several post-quantum cryptographic algorithms designed to withstand both classical and quantum attacks. TMOS 17.5.1 implements ML-KEM (FIPS 203) for key encapsulation. While based on the original CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms, the standardized versions include important parameter adjustments and implementation requirements that ensure long-term interoperability.
Prerequisites and Planning
Before implementing quantum ciphers on your BIG-IP system, ensure your environment meets these requirements:
Hardware Requirements:
- BIG-IP appliances with sufficient processing power (quantum algorithms are computationally intensive)
- Minimum 8GB RAM for optimal performance
- Hardware Security Module (HSM) support recommended for key management
- Note that F5 also has virtual editions that will run on all common hypervisors and in the cloud.
Software Requirements:
- TMOS version 17.5.1 or later
- Valid SSL/TLS certificates compatible with hybrid classical-quantum cipher suites
- Updated client applications capable of negotiating post-quantum algorithms
Hardware Security Modules are not required to support post-quantum cryptographic algorithms, but they provide a higher level of assurance for cryptographic key storage. F5 offers a range of hardware with built-in hardware security modules. Virtual F5 instances can also integrate with a network-based hardware security module.
Network Considerations:
- Increased bandwidth requirements due to larger key sizes and signature lengths
- Latency impact assessment for time-sensitive applications
- Compatibility testing with existing security infrastructure
The current implementation is a hybrid approach in which classical and post-quantum algorithms run in parallel. You would use "classical" RSA/ECDSA certificates for server authentication, while the TLS handshake itself uses ML-KEM to establish quantum-safe session keys.
Enabling Post-Quantum Ciphers: Step-by-Step Configuration
Step 1: Access the BIG-IP Configuration Utility
Log in to your BIG-IP system through the web-based Configuration utility or connect via SSH for command-line configuration. Navigate to System/Configuration/Device/General to verify you're running TMOS 17.5.1.
Or, in the CLI, type:
tmsh show sys version
Then follow along with the F5 documentation. The article below covers configuration through either TMUI or TMSH.
https://my.f5.com/manage/s/article/K000149577
Step 2: Create a Cipher Rule
Step 3: Create a new Cipher Group
Step 4: Create a New Client SSL profile
- Create a client SSL profile.
- Associate the ciphergroup with the new client SSL profile.
- Remove No TLSv1.3 from the enabled options
Step 5: Create a Virtual Server
Example:
tmsh create /ltm virtual quantum { destination 10.0.2.113:443 ip-protocol tcp pool quantumpool profiles add { quantum { context clientside } tcp } }
Step 6: Test
In my case, I used Chrome to test my connection.
I enabled the developer tools and, in the privacy and developer tools, looked at what was being negotiated.
TLS 1.3 is being negotiated with a quantum-safe key exchange using ML-KEM.
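The same check can be made without a browser by reading the selected key-exchange group from the server's ServerHello, which TLS 1.3 sends unencrypted. The following is an added example, not code from F5 or its documentation: it assumes the handshake message has already been extracted from a capture with the record header stripped, takes its group code points from the IANA TLS Supported Groups registry, and runs on a constructed sample message; `selected_group` and `build_server_hello` are names chosen here.

```python
import struct

# IANA "TLS Supported Groups" code points (assumed set: x25519 plus the ML-KEM hybrids).
GROUPS = {
    0x001D: ("x25519", False),
    0x11EB: ("SecP256r1MLKEM768", True),
    0x11EC: ("X25519MLKEM768", True),
    0x11ED: ("SecP384r1MLKEM1024", True),
}
KEY_SHARE = 0x0033  # key_share extension type

def selected_group(msg: bytes):
    """Return (group name, is_pq_hybrid, share length) from a ServerHello, or None."""
    if len(msg) < 4 or msg[0] != 0x02 or len(msg) - 4 != int.from_bytes(msg[1:4], "big"):
        raise ValueError("not a complete ServerHello handshake message")
    body = msg[4:]
    try:
        pos = 2 + 32                 # legacy_version + random
        pos += 1 + body[pos]         # legacy_session_id_echo
        pos += 2 + 1                 # cipher_suite + legacy_compression_method
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        if ext_end > len(body):
            raise IndexError
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == KEY_SHARE:
                group = int.from_bytes(data[:2], "big")
                # A HelloRetryRequest names only the group, with no key share.
                share_len = int.from_bytes(data[2:4], "big") if len(data) >= 4 else 0
                name, pq = GROUPS.get(group, (f"unknown(0x{group:04x})", False))
                return name, pq, share_len
    except (IndexError, struct.error):
        raise ValueError("truncated ServerHello") from None
    return None                      # no key_share: not a TLS 1.3 (EC)DHE handshake

def build_server_hello(group=None, share_len=0):
    """Constructed sample message (zero-filled random and key share), not a capture."""
    exts = struct.pack("!HHH", 0x002B, 2, 0x0304)   # supported_versions = TLS 1.3
    if group is not None:
        exts += struct.pack("!HHHH", KEY_SHARE, 4 + share_len, group, share_len) + bytes(share_len)
    body = b"\x03\x03" + bytes(32) + b"\x00\x13\x02\x00" + struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for grp, size in ((0x11EC, 1120), (0x001D, 32)):   # constructed server shares
        print(selected_group(build_server_hello(grp, size)))
```

The 1120-byte server share for X25519MLKEM768 (a 1088-byte ML-KEM-768 ciphertext plus a 32-byte X25519 key) against 32 bytes for X25519 alone is the handshake growth listed under Network Considerations.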
Hybrid Approach: Bridge to the Future
Understanding that quantum transition happens gradually, F5 enables hybrid cryptographic models that combine classical and quantum-resistant encryption. This approach provides:
- Interoperability with existing systems during transition periods
- Risk mitigation through dual-layer protection
- Flexibility to upgrade at your own pace without operational disruption
- Future-proofing as quantum technologies continue to evolve
End-to-End Quantum Security
F5's platform delivers comprehensive PQC coverage across your entire infrastructure:
- Client-Side Protection: Quantum-safe TLS connections from the first handshake
- Network Security: PQC-enabled firewalls and access controls
- Application Delivery: High-performance quantum-resistant load balancing and traffic management
- Backend Security: Protection for APIs, microservices, and data stores
- Legacy System Support: Quantum protection for systems that can't be immediately upgraded
Real-World Benefits: Performance Meets Protection
One common concern about post-quantum cryptography is its performance impact. F5's implementation addresses this head-on:
- Optimized algorithms that maintain application responsiveness
- Hardware acceleration for cryptographic operations
- Intelligent load balancing to distribute quantum-safe processing
- Minimal latency through strategic proxy deployment
Federal Case Study Potential
Consider a federal agency managing both modern cloud applications and legacy mainframe systems. With F5's PQC solutions:
- Modern apps get native quantum-resistant encryption
- Legacy systems receive protection through F5's proxy capabilities
- Hybrid cloud environments maintain security across all deployment models
- Compliance reporting becomes automated and comprehensive – especially if you use tools like the F5 Application Study Tool that has certificate monitoring and SSL/TLS monitoring capabilities
The Strategic Imperative: Act Now, Lead Tomorrow
The federal quantum mandates represent more than compliance requirements—they signal a fundamental shift in how we think about digital security. Organizations that act proactively will gain significant advantages:
Competitive Benefits:
- First-mover advantage in quantum-safe technologies
- Enhanced customer trust through demonstrated security leadership
- Reduced risk of future data breaches and regulatory penalties
- Operational continuity during industry-wide transitions
Risk Mitigation:
- Protection against current threat actors already harvesting data
- Compliance readiness for evolving regulations
- Business continuity during the quantum transition
- Investment protection through crypto-agile infrastructure
Your Quantum Transition Roadmap
Getting started with quantum preparedness doesn't require massive infrastructure overhauls. F5's phased approach enables practical progression:
Phase 1: Assessment and Planning (30 days)
- Inventory current cryptographic implementations
- Identify high-value and long-lived data assets
- Evaluate quantum risk exposure
- Develop transition timeline aligned with federal requirements
Phase 2: Hybrid Deployment (90 days)
- Implement F5 PQC solutions for critical applications
- Enable quantum-safe TLS for external connections
- Begin protecting high-value data flows
- Establish quantum-resistant access controls
Phase 3: Full Transition (12-24 months)
- Extend quantum protection to all applications and APIs
- Migrate legacy systems through F5 proxy capabilities
- Implement comprehensive quantum-safe PKI
- Achieve full compliance with federal mandates
The Bottom Line: Quantum Readiness Is Business Readiness
The federal government's quantum mandates aren't just about national security. They’re about ensuring America's digital infrastructure remains secure and competitive in the quantum age. Organizations that embrace this transition early, with solutions like F5's comprehensive PQC platform, will emerge stronger and more secure.
The quantum era is coming whether we're ready or not. The question isn't whether you'll need quantum-resistant security—it's whether you'll be prepared when Q-Day arrives.
Ready to Start Your Quantum Journey?
F5's post-quantum cryptography solutions are available today. They provide immediate protection against tomorrow's threats while ensuring compliance with federal mandates. Don't wait for quantum computers to break your encryption—start building quantum resistance now.
Contact F5 today to learn how our PQC solutions can protect your applications, secure your data, and position your organization for success in the post-quantum world.
The future of cybersecurity is quantum-resistant. Make sure your organization is ready.