Explore DigiCert ONE Platform

Trust Lifecycle Manager

Unified certificate automation and visibility.

CertCentral

Globally trusted certificates for websites and applications.

Private CA

Private trust for users, devices, and infrastructure.

DNS

Fast, resilient DNS to optimize security and availability.

Enterprise Trust

Software Trust Manager

Secure, policy-driven signing across your software supply chain.

Device Trust Manager

Identity, onboarding, and lifecycle management for devices and IoT.

Content Trust

Verified media and document integrity at enterprise scale.

Messaging Trust

Stop spoofing, secure messages, deliver verified logos in every inbox.

Integrations

AWS

Google Cloud

HashiCorp

Cloudflare

See all integrations

By Use Case

Prevent Outages With Automation

Automate discovery, renewal, and governance to eliminate certificate-related downtime.

Prepare For 47 Day TLS Certificates

Ensure automated certificate lifecycle management and full visibility.

Become Post Quantum Ready

Upgrade cryptographic agility and prepare systems for quantum-safe security.

Enable Zero Trust

Authenticate every user, device, and workload with strong identity and policy controls.

By Use Case

Modernize PKI

Replace legacy infrastructure with scalable, automated, cloud-ready PKI.

Leverage AI with Trusted Identity

Use AI-enhanced identity verification for users, applications, and digital interactions.

Maintain Compliance

Meet regulatory requirements with centralized auditability, policy enforcement, and reporting.

By Industry

Financial Services

Healthcare

TLS/SSL Certificates

Single Domain

Multi Domain

Wildcard Domain

Signing Certificates

Code Signing

Document Signing Certificates

S/MIME Email Certificates

Mark Certificates

Trust Services

eIDAS/PKIo

DigiCert DNS

DigiCert Store

Company

About DigiCert

Why DigiCert

Careers

Leadership

Professional Services

Corporate Resources

Blog

Events

Customer Stories

Newsroom

Webinars

YouTube Channel

Partners

Become a Partner

Channel Partner Directory

Technology Partner Directory

Cloud Partner Directory

Partner Portal

Resource Center

Reports

Datasheets

White Papers

e-Books

Solution Briefs

Videos

Infographics

Additional Resources

Blog

Customer Stories

Events

FAQs

Demos

Webinars

DigiCert Labs

Quick Links

Support

CertCentral

Trust Calendar

Vercara DNS

DigiCert Labs

QuoVadis

Valimail

Support

PKI Support

Tools

Tools: S/MIME Certificate Linter

Tools: SSL Install Diagnostics

Tools: Certificate Utility for Windows

Tools: CSR Creator

Tools: Check CSR

Tools: SSL Certificate Installation Instructor

Resources

Documentation

API Documentation

Knowledgebase

Solutions

FAQs

What is PKI?

What is an SSL Certificate?

What is SSL, TLS & HTTPS?

How TLS/SSL Works

What's the Difference Between DV, OV & EV SSL Certificates?

Contact Support

Americas

Europe, Middle East Africa

Asia Pacific, Japan

NIST advances post-quantum signature algorithms

Larry Seltzer

The transition to post-quantum cryptography (PQC) is entering a new phase. While core standards are already emerging, the industry is still working through the operational and security realities of long-term PQC deployment.

NIST’s latest announcement reflects that ongoing process.

The agency has launched another round of evaluation for post-quantum digital signature algorithms, advancing nine candidates for additional review. The move reinforces an important theme in PQC standardization: Cryptographic resilience depends on both strong algorithms and the ability to adapt as standards, threats, and implementation guidance evolve.

For enterprises, that makes crypto-agility just as important as algorithm selection itself.

NIST continues evaluating backup PQC algorithms

NIST recently announced a third round of competition for post-quantum digital signature algorithms. The agency continues to evaluate additional candidates as part of its broader effort to standardize cryptography capable of resisting future quantum computing attacks.

As NIST notes, any newly selected signature schemes would augment existing standards, including:

FIPS 204, Module-Lattice-Based Digital Signature Standard
FIPS 205, Stateless Hash-Based Digital Signature Standard
FIPS 186-5, Digital Signature Standard (DSS)
SP 800-208, Recommendation for Stateful Hash-Based Signature Schemes

The continued evaluation process reflects the importance of cryptographic diversity within the PQC ecosystem.

NIST has deliberately pursued algorithms based on different mathematical approaches. The goal is to reduce systemic risk if vulnerabilities or implementation weaknesses emerge in one family of algorithms over time. Additional detail on the mathematical foundations behind these schemes is available in NIST IR 8610.

That strategy matters because post-quantum migration is not a single deployment event. Organizations will likely operate hybrid cryptographic environments for years as standards mature and vendors update products, protocols, hardware, and infrastructure.

In practice, that means enterprises may need to support both classical and post-quantum cryptography simultaneously across applications, certificates, devices, and authentication systems. It also means that new PQC algorithms will likely be available in the future, and enterprises will need to be ready to implement them.

For most organizations, however, the implementation path remains relatively clear. ML-DSA is still expected to become the primary post-quantum digital signature algorithm for the majority of enterprise applications.

Crypto-agility is now an operational requirement

The larger challenge facing enterprises is not choosing a PQC algorithm. It's operational readiness.

Organizations must be able to update cryptographic systems quickly and consistently across distributed environments. That capability is known as crypto-agility.

Crypto-agility is the ability to adapt cryptographic systems, certificates, protocols, and policies within an established management framework.

Teams that remember the SHA-1 deprecation understand how difficult large-scale cryptographic transitions can become. Even organizations that understood the coming change often struggled with incomplete inventories, manual certificate processes, and inconsistent visibility across networks and platforms.

The transition to PQC will likely be even more operationally demanding.

Certificate lifecycles continue to shrink. Browser and platform requirements continue to evolve. Machine identities continue to grow across cloud, hybrid, and connected environments.

Many organizations still rely on partially automated certificate management processes assembled over years of incremental growth. Those approaches may automate parts of issuance or renewal, but they often still depend on manual approvals, disconnected tooling, or incomplete visibility into certificate inventories.

That model becomes increasingly difficult to sustain as certificate volumes and renewal frequency increase.

Certificate lifecycle automation supports PQC readiness

A complete certificate lifecycle management strategy does more than reduce operational overhead. It helps organizations build the foundation required for long-term crypto-agility.

Centralized lifecycle management improves visibility across certificate inventories and automates issuance, renewal, revocation, and policy enforcement. Automation also reduces outages caused by expired or misconfigured certificates.

Those capabilities become increasingly important as organizations prepare for post-quantum migration.

The organizations best positioned for PQC are not waiting for standards to fully stabilize before modernizing operations. They are improving visibility, automating lifecycle management, and building the operational flexibility needed to support ongoing cryptographic change.

PQC migration will ultimately be a long-term operational challenge as much as a cryptographic one. Organizations that strengthen crypto-agility now will be better prepared for whatever standards evolution comes next.