Unbiased AMTSO-registered methodology validates cloud-native firewalls in opposition to NIST post-quantum requirements as CISA procurement mandate takes impact.
SecureIQLab immediately printed the primary unbiased cloud-native firewall validation methodology to incorporate NIST post-quantum cryptography requirements.
Each cloud-native firewall vendor will quickly declare quantum-safe posture. Enterprises and federal businesses want a solution to confirm these claims in opposition to a repeatable, vendor-neutral benchmark.”
— David Ellis, VP of Analysis, SecureIQLab
Key details:
– First unbiased cloud-native firewall (CNFW) validation methodology to incorporate NIST post-quantum cryptography (PQC) requirements: ML-DSA-65/87 for digital signatures, ML-KEM-768/1024 for key institution, and SHA-384/512 for integrity.
– Registered with the Anti-Malware Testing Requirements Group (AMTSO) as Take a look at ID AMTSO-LS1-TP195.
– As much as 16 distributors evaluated throughout three pillars (Safety Efficacy, Operational Effectivity, Compliance Validation), with compliance mapping to GDPR, HIPAA, PCI DSS, NIST 800-171, SOC 2, ISO/IEC 27001:2022, and Safe by Design/Default.
– Validation spans multi-cloud (AWS, Azure, GCP), Kubernetes (EKS, AKS, GKE), serverless, GenAI inference endpoints, and Mannequin Context Protocol (MCP) server safety.
Additionally Learn: AiThority Interview with Glenn Jocher, Founder & CEO, Ultralytics
– Non-commissioned validation begins June 2026; outcomes printed by finish of October 2026.
The methodology, Cloud Native Firewall CyberRisk Validation v1.0, is registered with the Anti-Malware Testing Requirements Group (AMTSO) as Take a look at ID AMTSO-LS1-TP195. It arrives in the identical window as two landmark federal PQC mandates.
The Cybersecurity and Infrastructure Safety Company (CISA) printed a January 2026 record of product classes for which businesses should purchase solely PQC-enabled expertise. Federal businesses had been additionally attributable to submit complete PQC transition plans underneath Nationwide Safety Memorandum 10 (NSM-10) and OMB Memorandum M-23-02 by the tip of April 2026.
The urgency is backed by knowledge. In keeping with the Trusted Computing Group’s 2025 State of PQC Readiness survey, 91% of organizations don’t have any PQC roadmap in place. Cloud Safety Alliance Labs reviews that solely 5% of organizations have deployed quantum-safe encryption, whereas 81% say their cryptographic libraries and {hardware} safety modules usually are not prepared for migration.
In the meantime, the assault curve is tightening. The estimated qubits required to interrupt RSA-2048 has fallen from roughly 1 billion in 2012 to roughly 1 million as of Might 2025, per F5 Labs. The World Threat Institute’s 2024 Quantum Menace Timeline Report attracts on 32 main specialists. It locations the chance of a quantum pc able to breaking RSA-2048 inside 10 years at 19% to greater than 30%, relying on how skilled opinion is weighted.
“Each cloud-native firewall vendor will quickly declare quantum-safe posture. Enterprises and federal businesses want a solution to confirm these claims in opposition to a repeatable, vendor-neutral benchmark,” mentioned David Ellis, VP of Analysis and Company Relations at SecureIQLab. “Our methodology is the primary to require empirical PQC proof on the firewall layer, alongside GenAI workload safety and multi-cloud enforcement, so safety leaders can meet federal and enterprise mandates with reproducible proof reasonably than vendor self-attestation.”
“Publish-quantum readiness is about to grow to be one of many most-claimed and hardest-to-verify properties in safety. That’s precisely the place AMTSO’s transparency and reproducibility requirements matter most. They offer enterprises and regulators a shared baseline for separating actual implementations from advertising and marketing. SecureIQLab’s CNFW methodology extending into PQC is a significant growth of what unbiased validation can credibly cowl,” mentioned John Hawes, COO of the Anti-Malware Testing Requirements Group.
Cloud-native firewalls require a separate methodology as a result of they’re architecturally distinct from cloud-deployed firewalls. Current firewall methodologies, together with SecureIQLab’s personal Superior Cloud Firewall validation, measure VM-based home equipment at VPC perimeters. Cloud-native firewalls embed within the cloud management aircraft, implement coverage through API throughout Kubernetes clusters, examine east-west container visitors, and should now additionally show quantum-safe cryptographic assist. Conventional firewall methodologies can not consider these mechanisms.
The methodology makes use of three pillars. Safety Efficacy validates menace detection and prevention throughout situations mapped to the MITRE ATT&CK Cloud Matrix, STRIDE, OWASP Cloud-Native Tips, and the CSA Cloud Controls Matrix. Encryption validation covers all 22 TLS 1.2 cipher suites, three TLS 1.3 cipher suites, TLS session reuse, and NIST PQC requirements ML-DSA, ML-KEM, and SHA-384/512 (NIST FIPS 203/204/205). GenAI workload validation covers inference endpoint safety and MCP server safety, together with entry management, tool-call knowledge exfiltration, and prompt-injection hijacking. Operational Effectivity evaluates IaC-driven deployment, coverage administration, scalability, incident response, and efficiency throughout AWS, Azure, GCP, and Kubernetes environments. Compliance Validation maps firewall capabilities to GDPR, HIPAA, PCI DSS, NIST 800-171, SOC 2, ISO/IEC 27001:2022, and Safe by Design/Default.
The methodology’s PQC protection aligns with a sequence of federal milestones. CISA printed product-category steerage in January 2026, and federal businesses had been attributable to file transition plans by the tip of April 2026. NSA Industrial Nationwide Safety Algorithm (CNSA) 2.0 compliance applies to new Nationwide Safety System acquisitions from January 2027, with full NSS compliance due by 2033. Within the European Union, regulators more and more deal with quantum-vulnerable cryptography as failing the “state-of-the-art” customary underneath the Digital Operational Resilience Act (DORA) and the NIS2 Directive.
The non-commissioned examine, funded totally by SecureIQLab, evaluates as much as 16 CNFW distributors throughout managed cloud-provider firewall companies and third-party containerized options. The total deliberate vendor record is printed within the methodology doc. Testing begins in June 2026, with particular person and comparative reviews printed by the tip of October 2026. The AMTSO attestation is signed by David Ellis, VP of Analysis and Company Relations.
Additionally Learn: The Infrastructure Warfare Behind the AI Growth
[To share your insights with us, please write to psen@itechseries.com ]
