1 article
With NIST's post-quantum cryptography standards finalised and the NSA's CNSA 2.0 deadline requiring all new National Security System acquisitions to be quantum-resistant by January 2027, the migration window for enterprise and federal contractor environments is closing fast. Most organisations have yet to inventory their cryptographic assets, let alone begin migration.
The YellowKey BitLocker bypass demonstrates what practitioners have known for years: BitLocker deployed in its default TPM-only configuration satisfies regulatory checkboxes but does not protect against an adversary with physical access or WinRE trigger capability. The compliance requirement and the security requirement are not the same thing, and conflating them leaves organisations with an expensive false assurance.
CipherWatch Editorial
Security Intelligence Platform