NIST - National Institute of Standards and Technology

06/29/2026 | Press release | Archived content

Considerations for Achieving Crypto Agility: Strategies and Practices

Published
June 29, 2026

Author(s)

Elaine Barker, Lidong Chen, David Cooper, Dustin Moody, Andrew Regenscheid, Murugiah Souppaya, William Newhouse, Russell Housley, Sean Turner, William C. Barker, Karen Kent

Abstract

Cryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, firmware, and infrastructures while preserving security and ongoing operations. This white paper provides an in-depth survey of current approaches to achieving crypto agility. It discusses challenges and trade-offs and identifies approaches for providing operational mechanisms to achieve crypto agility. It also highlights critical working areas that require additional consideration.
Citation
NIST Cybersecurity White Papers (CSWP) - 39-upd1
Report Number
39-upd1
Pub Type
NIST Pubs

Keywords

cryptographic agility, cryptographic algorithm, cryptographic application programming interface (API), cryptographic risk management, cryptographic transition

Citation

Barker, E. , Chen, L. , Cooper, D. , Moody, D. , Regenscheid, A. , Souppaya, M. , Newhouse, W. , Housley, R. , Turner, S. , Barker, W. and Kent, K. (2026), Considerations for Achieving Crypto Agility: Strategies and Practices, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.39-upd1 , https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=962433 (Accessed July 2, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

NIST - National Institute of Standards and Technology published this content on June 29, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on July 03, 2026 at 03:48 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]