ICYMI - Industry Standards Groups Advance Security with SPDM Standard and Post-Quantum Cryptography Support, and Alignment with CNSA 2.0
Posted on Tue, 06/10/2025 - 09:08
Recently, DMTF and several of its industry partners (CXL Consortium, NVM Express, Inc., PCI-SIG®, SNIA, and Trusted Computing Group) announced the continued evolution of the Security Protocol and Data Model (SPDM) standard, expanding its capabilities to support post-quantum cryptography (PQC) and aligning with the National Security Agency’s Commercial National Security Algorithm (CNSA) 2.0 Suite. As global cybersecurity threats grow in complexity, the need for resilient, future-proofed security standards has never been greater.
SPDM provides a robust framework for secure device communication, enabling authentication, confidentiality, and integrity for devices across a wide range of industries. With the upcoming CNSA 2.0 regulations on the horizon, industry standards organizations remain committed to staying ahead of emerging security challenges by incorporating PQC support and alignment with CNSA 2.0. This advancement ensures that SPDM remains at the forefront of secure device communication, protecting against quantum-enabled threats that could compromise current cryptographic methods.
“DMTF’s SPDM standard has been instrumental in establishing the integrity of infrastructure and advancing secure device communication across the industry. As we prepare for the transition to PQC, SPDM’s adaptable and robust framework ensures that devices remain protected against emerging threats,” said DMTF President Jeff Hilland. “We fully support the evolution of SPDM to incorporate PQC, safeguarding the future of secure authentication and data integrity in an increasingly complex cybersecurity landscape. We’re proud to collaborate with other industry standards organizations to maintain a unified approach to cybersecurity.”
DMTF continues to work closely with global partners and industry leaders to align SPDM with the latest security innovations. This swift action reflects this collective effort, emphasizing interoperability, resilience, and advanced cryptographic protections.
To read the full release and industry support click here.