#None #Reno #Rocky Linux #CIQ #NSS Module

CIQ Achieves Landmark CAVP Certification with NSS for Post-Quantum Cryptography on Rocky Linux

CIQ Achieves Groundbreaking CAVP Certification for NSS



CIQ announced a monumental achievement with its Network Security Services (NSS) for Rocky Linux 9.6, which has successfully passed the Cryptographic Algorithm Validation Program (CAVP) certification by the National Institute of Standards and Technology (NIST). This milestone elevates Rocky Linux to the forefront of tech innovation, establishing it as the first Enterprise Linux distribution to feature an NSS module that supports post-quantum cryptography (PQC) algorithms validated by NIST.

What Are Post-Quantum Cryptography Algorithms?



Post-Quantum Cryptography refers to cryptographic algorithms designed to be secure against the potential capabilities of quantum computers. As these forms of computing continue to advance, the risk they pose to current cryptographic systems becomes increasingly significant. CIQ's NSS module boasts two NIST-approved PQC algorithms: ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm). These algorithms are purpose-built to thwart potential attacks leveraging both classical and quantum computational power.

The Development Journey



The road to achieving the CAVP certification was arduous. In September 2025, Rocky Linux introduced NSS version 3.112, which initially included feature-complete ML-KEM and ML-DSA support. However, these features were not compliant with FIPS standards. CIQ’s distinguished engineer, Jeremy Allison, who is also a co-creator of the Samba Project, spearheaded the initiative to enhance the NSS module to meet the necessary FIPS 140-3 standards for NIST submission. Allison emphasized the importance of making the compliance coding open-source, allowing broader collaboration within the security community.

Addressing Immediate Needs in Quantum Cryptography



The urgency of adopting quantum-resistant cryptography is underscored by the National Security Agency's CNSA 2.0, which has outlined a stringent timeline for the National Security Systems to switch to such cryptography, targeting 2027 for initial milestones and a full transition by 2035. The gravity of potential threats is compounded by the

Topics Consumer Technology)

【About Using Articles】

You can freely use the title and article content by linking to the page where the article is posted.
※ Images cannot be used.

【About Links】

Links are free to use.