[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3259 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 3259
To amend the National Quantum Initiative Act and the Cyber Security
Research and Development Act to advance the rapid deployment of post
quantum cybersecurity standards across the United States economy,
support United States cryptography research, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 7, 2025
Ms. Stevens (for herself and Ms. Tenney) introduced the following bill;
which was referred to the Committee on Science, Space, and Technology
_______________________________________________________________________
A BILL
To amend the National Quantum Initiative Act and the Cyber Security
Research and Development Act to advance the rapid deployment of post
quantum cybersecurity standards across the United States economy,
support United States cryptography research, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Post Quantum Cybersecurity Standards
Act''.
SEC. 2. NIST CRYPTOGRAPHY PROGRAMS AND NSF CRYPTOGRAPHY RESEARCH.
(a) National Institute of Standards and Technology Cryptography
Programs.--The National Quantum Initiative Act is amended--
(1) in section 2 (15 U.S.C. 8801)--
(A) by redesignating paragraphs (4), (5), (6), (7),
the first paragraph (8) (relating to the definition of
``Subcommittee on Economic and Security
Implications''), and the second paragraph (8) (relating
to the definition of ``Subcommittee on Quantum
Information Science'') as paragraphs (5), (7), (8),
(9), (11), and (12), respectively;
(B) by inserting after paragraph (3) the following
new paragraph:
``(4) Critical infrastructure.--The term `critical
infrastructure' has the meaning given such term in section
1016(e) of Public Law 107-56 (42 U.S.C. 5195c(e))'';
(C) by inserting after paragraph (5), as so
redesignated, the following new paragraph:
``(6) Post-quantum cryptography.--The term `post-quantum
cryptography' means those cryptographic algorithms or methods
that are assessed not to be specifically vulnerable to attack
by either a quantum computer or classical computer.''; and
(D) by inserting after paragraph (9), as so
redesignated, the following new paragraph:
``(10) Sector risk management agency.--The term `sector
risk management agency' has the meaning given such term in
section 2200 of the Homeland Security Act of 2002 (6 U.S.C.
650).''; and
(2) in section 201 (15 U.S.C. 8831), by--
(A) redesignating subsection (c) as subsection (d);
and
(B) inserting after subsection (b) the following
new subsection:
``(c) Post Quantum Cryptography Deployment.--
``(1) In general.--The Director of the National Institute
of Standards and Technology, in consultation with the Secretary
of Homeland Security and the heads of sector risk management
agencies, as appropriate, shall promote the voluntary adoption
and deployment of post-quantum cryptography standards,
including by--
``(A) disseminating and making publicly available
guidance and resources to help organizations adopt and
deploy post-quantum cryptography standards;
``(B) providing technical assistance, as
practicable, to entities that are high risk of quantum
cryptoanalytic attacks, such as entities determined to
be critical infrastructure or digital infrastructure
providers; and
``(C) conducting such other activities as
determined necessary by the Director to promote the
adoption and deployment of post-quantum cryptography
standards across the United States.
``(2) Grant program.--
``(A) In general.--Subject to the availability of
appropriations and after the date on which the Director
of National Institute of Standards and Technology has
issued post-quantum cryptography standards under
paragraph (1), the Director may establish a program to
identify and provide technical assistance through the
award of grants to entities that are at high risk of
quantum cryptoanalytic attacks, including by granting
funds, in adopting such post-quantum cryptographic
standards and remediating quantum-related
vulnerabilities.
``(B) Use of funds.--Grants awarded to entities
under this subsection may be used to cover reasonable
costs, up to a specified amount established by the
Director of the National Institute of Standards and
Technology, of activities to adopt post-quantum
cryptographic standards and remediate quantum-related
vulnerabilities.
``(C) Guidance.--The Director of the National
Institute of Standards and Technology may develop, and
periodically update, guidance, including eligibility,
application disclosure requirements, grant amount and
duration, and any additional requirements regarding the
award of grants under this paragraph.
``(D) Consultation.--If the program described in
this paragraph is established, the Director of the
National Institute of Standards and Technology shall
consult with the Director of the Cybersecurity and
Infrastructure Security Agency of the Department of
Homeland Security, the heads of other Sector Specific
Agencies and risk management agencies, and appropriate
representatives of private sector entities, including
nonprofit organizations, to share information regarding
the program and guidance developed under subparagraph
(C).''.
(b) National Science Foundation Cryptography Research.--Subsection
(a)(1)(A) of section 4 of the Cyber Security Research and Development
Act (15 U.S.C. 7403) is amended by inserting ``, including post-quantum
cryptography'' before the semicolon.
<all>