SecureIQLab launches post-quantum validation for cloud-native firewalls

By AI, Created 9:45 AM UTC, May 20, 2026, /AGP/ – SecureIQLab published an independent methodology to test cloud-native firewalls against NIST post-quantum cryptography standards as federal procurement rules tighten. The framework starts non-commissioned testing in June and will publish results by the end of October 2026.

Why it matters: - Cloud-native firewalls are moving into a new procurement era where quantum-safe cryptography is becoming a buying requirement, not just a feature claim. - SecureIQLab’s methodology gives enterprises and federal agencies a repeatable benchmark for verifying post-quantum readiness instead of relying on vendor self-attestation. - The launch lands as CISA and other U.S. policy timelines push agencies toward PQC-enabled technology.

What happened: - SecureIQLab published Cloud Native Firewall CyberRisk Validation v1.0, an independent cloud-native firewall validation methodology that includes NIST post-quantum cryptography standards. - The methodology is registered with the Anti-Malware Testing Standards Organization as Test ID AMTSO-LS1-TP195. - Testing is scheduled to begin in June 2026, with individual and comparative reports due by the end of October 2026. - The study is non-commissioned and funded entirely by SecureIQLab.

The details: - The methodology validates ML-DSA-65 and ML-DSA-87 for digital signatures, ML-KEM-768 and ML-KEM-1024 for key establishment, and SHA-384/SHA-512 for integrity. - Validation spans up to 16 vendors across managed cloud-provider firewall services and third-party containerized solutions. - The framework covers three pillars: Security Efficacy, Operational Efficiency, and Compliance Validation. - Security Efficacy maps testing to the MITRE ATT&CK Cloud Matrix, STRIDE, OWASP Cloud-Native Guidelines, and the CSA Cloud Controls Matrix. - Encryption validation covers all 22 TLS 1.2 cipher suites, three TLS 1.3 cipher suites, TLS session reuse, and NIST PQC standards tied to FIPS 203, 204 and 205. - GenAI workload testing includes inference endpoint protection and Model Context Protocol server security, including access control, tool-call data exfiltration, and prompt-injection hijacking. - Operational Efficiency evaluates infrastructure-as-code deployment, policy management, scalability, incident response, and performance across AWS, Azure, GCP, and Kubernetes environments. - Compliance Validation maps capabilities to GDPR, HIPAA, PCI DSS, NIST 800-171, SOC 2, ISO/IEC 27001:2022, and Secure by Design/Default. - The methodology also covers multi-cloud deployments, Kubernetes clusters, serverless workloads, GenAI inference endpoints, and MCP server security.

Between the lines: - SecureIQLab is drawing a hard distinction between cloud-native firewalls and older VM-based firewall appliances. - Traditional firewall tests focus on perimeter appliances, while cloud-native firewalls embed in the cloud control plane and enforce policy through APIs. - That architectural shift means prior methodologies cannot fully evaluate east-west container traffic, cloud control-plane behavior, or quantum-safe cryptographic support. - AMTSO COO John Hawes said the expansion into PQC is a meaningful extension of independent validation because transparency and reproducibility matter most when security claims are hardest to verify. - SecureIQLab VP of Research and Corporate Relations David Ellis said the goal is to provide empirical evidence for firewall-layer PQC claims, GenAI workload security, and multi-cloud enforcement. - The push comes amid broad readiness gaps: a Trusted Computing Group survey found 91% of organizations have no PQC roadmap, while Cloud Security Alliance Labs said only 5% have deployed quantum-safe encryption and 81% say their cryptographic libraries and hardware security modules are not ready. - F5 Labs estimated the qubits needed to break RSA-2048 have fallen from about 1 billion in 2012 to about 1 million as of May 2025. - The Global Risk Institute’s 2024 Quantum Threat Timeline Report said the probability of a quantum computer capable of breaking RSA-2048 within 10 years ranges from 19% to more than 30%, depending on how expert opinion is weighted.

What’s next: - SecureIQLab says vendors interested in participation can contact the company directly. - The full methodology is available at the methodology document. - Results will provide a public test bed for cloud-native firewall buyers as federal PQC procurement and transition deadlines keep approaching. - The methodology’s timing lines up with CISA’s January 2026 product-category guidance, federal PQC transition plans due by the end of April 2026, NSA CNSA 2.0 requirements beginning in January 2027 for new National Security System acquisitions, and full NSS compliance due by 2033. - In the European Union, DORA and NIS2 are increasingly treating quantum-vulnerable cryptography as not meeting the “state-of-the-art” standard.

The bottom line: - SecureIQLab is trying to turn post-quantum readiness for cloud-native firewalls into something buyers can measure, compare, and enforce before procurement rules fully catch up.