[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3259 Introduced in House (IH)]

<DOC>






119th CONGRESS
  1st Session
                                H. R. 3259

  To amend the National Quantum Initiative Act and the Cyber Security 
 Research and Development Act to advance the rapid deployment of post 
   quantum cybersecurity standards across the United States economy, 
  support United States cryptography research, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 7, 2025

Ms. Stevens (for herself and Ms. Tenney) introduced the following bill; 
 which was referred to the Committee on Science, Space, and Technology

_______________________________________________________________________

                                 A BILL


 
  To amend the National Quantum Initiative Act and the Cyber Security 
 Research and Development Act to advance the rapid deployment of post 
   quantum cybersecurity standards across the United States economy, 
  support United States cryptography research, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Post Quantum Cybersecurity Standards 
Act''.

SEC. 2. NIST CRYPTOGRAPHY PROGRAMS AND NSF CRYPTOGRAPHY RESEARCH.

    (a) National Institute of Standards and Technology Cryptography 
Programs.--The National Quantum Initiative Act is amended--
            (1) in section 2 (15 U.S.C. 8801)--
                    (A) by redesignating paragraphs (4), (5), (6), (7), 
                the first paragraph (8) (relating to the definition of 
                ``Subcommittee on Economic and Security 
                Implications''), and the second paragraph (8) (relating 
                to the definition of ``Subcommittee on Quantum 
                Information Science'') as paragraphs (5), (7), (8), 
                (9), (11), and (12), respectively;
                    (B) by inserting after paragraph (3) the following 
                new paragraph:
            ``(4) Critical infrastructure.--The term `critical 
        infrastructure' has the meaning given such term in section 
        1016(e) of Public Law 107-56 (42 U.S.C. 5195c(e))'';
                    (C) by inserting after paragraph (5), as so 
                redesignated, the following new paragraph:
            ``(6) Post-quantum cryptography.--The term `post-quantum 
        cryptography' means those cryptographic algorithms or methods 
        that are assessed not to be specifically vulnerable to attack 
        by either a quantum computer or classical computer.''; and
                    (D) by inserting after paragraph (9), as so 
                redesignated, the following new paragraph:
            ``(10) Sector risk management agency.--The term `sector 
        risk management agency' has the meaning given such term in 
        section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 
        650).''; and
            (2) in section 201 (15 U.S.C. 8831), by--
                    (A) redesignating subsection (c) as subsection (d); 
                and
                    (B) inserting after subsection (b) the following 
                new subsection:
    ``(c) Post Quantum Cryptography Deployment.--
            ``(1) In general.--The Director of the National Institute 
        of Standards and Technology, in consultation with the Secretary 
        of Homeland Security and the heads of sector risk management 
        agencies, as appropriate, shall promote the voluntary adoption 
        and deployment of post-quantum cryptography standards, 
        including by--
                    ``(A) disseminating and making publicly available 
                guidance and resources to help organizations adopt and 
                deploy post-quantum cryptography standards;
                    ``(B) providing technical assistance, as 
                practicable, to entities that are high risk of quantum 
                cryptoanalytic attacks, such as entities determined to 
                be critical infrastructure or digital infrastructure 
                providers; and
                    ``(C) conducting such other activities as 
                determined necessary by the Director to promote the 
                adoption and deployment of post-quantum cryptography 
                standards across the United States.
            ``(2) Grant program.--
                    ``(A) In general.--Subject to the availability of 
                appropriations and after the date on which the Director 
                of National Institute of Standards and Technology has 
                issued post-quantum cryptography standards under 
                paragraph (1), the Director may establish a program to 
                identify and provide technical assistance through the 
                award of grants to entities that are at high risk of 
                quantum cryptoanalytic attacks, including by granting 
                funds, in adopting such post-quantum cryptographic 
                standards and remediating quantum-related 
                vulnerabilities.
                    ``(B) Use of funds.--Grants awarded to entities 
                under this subsection may be used to cover reasonable 
                costs, up to a specified amount established by the 
                Director of the National Institute of Standards and 
                Technology, of activities to adopt post-quantum 
                cryptographic standards and remediate quantum-related 
                vulnerabilities.
                    ``(C) Guidance.--The Director of the National 
                Institute of Standards and Technology may develop, and 
                periodically update, guidance, including eligibility, 
                application disclosure requirements, grant amount and 
                duration, and any additional requirements regarding the 
                award of grants under this paragraph.
                    ``(D) Consultation.--If the program described in 
                this paragraph is established, the Director of the 
                National Institute of Standards and Technology shall 
                consult with the Director of the Cybersecurity and 
                Infrastructure Security Agency of the Department of 
                Homeland Security, the heads of other Sector Specific 
                Agencies and risk management agencies, and appropriate 
                representatives of private sector entities, including 
                nonprofit organizations, to share information regarding 
                the program and guidance developed under subparagraph 
                (C).''.
    (b) National Science Foundation Cryptography Research.--Subsection 
(a)(1)(A) of section 4 of the Cyber Security Research and Development 
Act (15 U.S.C. 7403) is amended by inserting ``, including post-quantum 
cryptography'' before the semicolon.
                                 <all>