Governance

Quantum Governance, Standards Bodies, and Compliance Vendors

Quantum governance, compliance platforms, standards bodies, and regulatory agencies. QSECDEF independent directory for quantum governance organisations.

Standards bodies and regulators do not build products. They write the rules that determine which products get deployed, in which jurisdictions, and on what timeline. For organisations managing quantum security compliance programmes, this tab is where the authority chain lives.

NIST defines the algorithms: ML-KEM, ML-DSA, SLH-DSA, and the forthcoming FIPS 206. The NSA and CNSS set the US government migration deadlines under CNSA 2.0. ETSI's Industry Specification Groups for QKD and Quantum Safe Cryptography produce the technical standards for quantum communications. The NCSC in the UK, ENISA and ANSSI in Europe, and BSI in Germany each publish migration guidance that applies to the regulated entities in their jurisdictions. The ITU-T Study Group 17 coordinates international quantum-safe network requirements. None of these organisations are commercial vendors. All of them are worth tracking.

The Governance tab is organised into four informational sub-categories: International Standards Bodies (ISO, ITU-T, IEEE, IEC), National Standards and Metrology Institutes (NIST, NPL, PTB, BIPM), Cybersecurity Agencies and Regulators (NCSC, NSA/CNSS, ENISA, BSI, ANSSI, CISA), and Telecom and Industry Alliances (ETSI ISG QKD, ETSI ISG QSC, IETF, 3GPP, GSMA). These entries carry no commercial tier and no booking CTA. They are reference listings.

The Governance tab also includes commercial compliance vendors: GRC platform providers and audit firms whose primary deliverable is regulatory compliance with quantum-security mandates. If you are preparing a board-level briefing on your organisation's regulatory exposure, this tab is the fastest way to map which bodies have authority over your sector and what they have published.

Showing 13 companies

Reference Organisations

Standards Bodies, Regulatory Agencies, and Cybersecurity Organisations

Reference listings. No commercial tier. Included for completeness.

ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) France
Administration for Cyber Security (ACS) Taiwan
Agence Nationale de la Cybersécurité (ANCS) Tunisia
Agenzia per la Cybersicurezza Nazionale (ACN) Italy
Australian Cyber Security Centre (ACSC) Australia
BSI (Bundesamt für Sicherheit in der Informationstechnik) Germany
CERT Polska (NASK) Poland
CERT-IS (Computer Emergency Response Team) Iceland
CERT-In (Indian Computer Emergency Response Team) India
CERT-MT (National Cyber Security Coordination Centre) Malta
CERT-SE (National CSIRT of Sweden) Sweden
CERT.LV (Information Technology Security Incident Response Institution) Latvia
CERT.PT Portugal
CERT.at Austria
CIRCL (Computer Incident Response Center Luxembourg) Luxembourg
CSIRT-KENYA Kenya
Canadian Centre for Cyber Security (Cyber Centre) Canada
Centre for Cyber Security (CFCS) Denmark
Centre for Cybersecurity Belgium (CCB) Belgium
Centro Criptológico Nacional (CCN) Spain
Centro Nacional de Cibersegurança (CNCS) Portugal
Computer Security Incident Response Team (CSIRT GOV) Poland
Cyber Security Agency of Singapore (CSA) Singapore
Cybersecurity and Infrastructure Security Agency (CISA) United States
Directoratul Național de Securitate Cibernetică (DNSC) Romania
European Union Agency for Cybersecurity (ENISA) European Union
Federal Chancellery of Austria Austria
Federal Security Service (FSB) Russia
GOVCERT.LU Luxembourg
Government Information Security Office (URSIV) Slovenia
ISO/IEC JTC 1/SC 27 - Information Security, Cybersecurity and Privacy Protection International
Information & Cyber Security Office (ICSO) United Arab Emirates
Institute of Commercial Cryptography Standards (ICCS) China
Instituto Nacional de Ciberseguridad (INCIBE) Spain
Israel National Cyber Directorate (INCD) Israel
Korea Internet and Security Agency (KISA) South Korea
Myndigheten för civilt försvar (MCF) - Swedish Civil Defence and Resilience Agency Sweden
National CERT of the Republic of Serbia (SRB-CERT) Serbia
National Center for Cyber Security Technology (NCCST) Taiwan
National Cybersecurity Office (NCO) — formerly NISC Japan
National Cyber Security Centre (NKSC/CERT-LT) Lithuania
National Cybersecurity Authority (NCA) Saudi Arabia
National Cybersecurity Authority (NCSA) Greece
National Cybersecurity Hub South Africa
National Institute of Cyber Security (NICS) Taiwan
National Institute of Standards and Technology (NIST) United States
National Security Agency (NSA) — CNSA 2.0 United States
Norwegian National Cyber Security Centre (NCSC) Norway
Portuguese National Cybersecurity Centre (CNCS) Portugal
Presidency of Cybersecurity Turkey
RU-CERT (Russian Federation CSIRT) Russia
SI-CERT (Slovenian Computer Emergency Response Team) Slovenia
SK-CERT (National Cyber Security Centre) Slovakia
Security Service of Ukraine (SBU) - Cyber Operations Ukraine
Senegal CERT/CSIRT Senegal
State Service of Special Communications and Information Protection (SSSCIP) Ukraine
Thailand Computer Emergency Response Team (ThaiCERT) Thailand
Vietnam Cyber Emergency Response Centre (VCERC) Vietnam
Zambia Cyber Incident Response Team (ZM CIRT) Zambia
aeCERT (UAE Computer Emergency Response Team) United Arab Emirates