Industry Standards Groups Advance Security with SPDM Standard and Post-Quantum Cryptography Support, and Alignment with CNSA 2.0

Today, DMTF and several of its industry partners (CXL Consortium, NVM Express, Inc., PCI-SIG^®, SNIA, and Trusted Computing Group) announced the continued evolution of the Security Protocol and Data Model (SPDM) standard, expanding its capabilities to support post-quantum cryptography (PQC) and aligning with the National Security Agency’s Commercial National Security Algorithm (CNSA) 2.0 Suite. As global cybersecurity threats grow in complexity, the need for resilient, future-proofed security standards has never been greater.

SPDM provides a robust framework for secure device communication, enabling authentication, confidentiality, and integrity for devices across a wide range of industries. With the upcoming CNSA 2.0 regulations on the horizon, industry standards organizations remain committed to staying ahead of emerging security challenges by incorporating PQC support and alignment with CNSA 2.0. This advancement ensures that SPDM remains at the forefront of secure device communication, protecting against quantum-enabled threats that could compromise current cryptographic methods.

“DMTF’s SPDM standard has been instrumental in establishing the integrity of infrastructure and advancing secure device communication across the industry. As we prepare for the transition to PQC, SPDM’s adaptable and robust framework ensures that devices remain protected against emerging threats,” said DMTF President Jeff Hilland. “We fully support the evolution of SPDM to incorporate PQC, safeguarding the future of secure authentication and data integrity in an increasingly complex cybersecurity landscape. We’re proud to collaborate with other industry standards organizations to maintain a unified approach to cybersecurity.”

DMTF continues to work closely with global partners and industry leaders to align SPDM with the latest security innovations. This swift action reflects this collective effort, emphasizing interoperability, resilience, and advanced cryptographic protections.

"Broadcom is pleased to collaborate with DMTF to enable the ecosystem with security innovations critical for encryption and authentication protection in the data center," said Jas Tremblay, vice president and general manager, Data Center Solutions Group, Broadcom. "Our PCIe Ethernet NICs and NVMe storage adapters utilize DMTF’s SPDM and PQC standards to help protect against emerging cybersecurity and post-quantum threats.”

“HPE is committed to advancing end-to-end security from edge to cloud and this requires building technology today that ensures future security in a post-quantum world," said Fidelma Russo, executive vice president and general manager of Hybrid Cloud and CTO, HPE. "We believe Post Quantum Cryptography in DMTF's SPDM will ensure robust, future-proof protection for hardware authentication and verification. This evolution is crucial in defending against quantum-enabled threats and why we have deployed quantum cryptography in our server infrastructure and are expanding this across our technology portfolio.”

“Post-quantum resilience is our goal for Intel platforms in the coming years,” said Ronak Singhal, Senior Fellow and Chief Architect for Xeon Roadmap at Intel Corporation. “As a co-developer of the DMTF specification, Intel supports the PQC-ready SPDM standard as a critical step toward security and resilience in the emerging quantum computing era.”

“SPDM and PQC are essential to our commitment to platform security which is an absolute imperative,” said Chris Dreikosen, Vice President, Chief Quality and Security Officer, Lenovo Infrastructure Solutions Group. “This enhancement to DMTF’s SPDM standard, by incorporating PQC, will enable additional security capabilities that help us meet the demands of Lenovo customers and the industry at large.”

“Supermicro supports the critical work of DMTF’s SPDM and PQC to establish industry-wide security and interoperability standards,” said Arun Kalluri, Vice President, software products, Supermicro. “Security continues to be a critical issue for the industry and Supermicro is committed to collaborating with and supporting the leading industry standard and open-source efforts, including aggressively implementing SPDM and PQC in our extensive portfolio of Cloud, AI, Storage and Edge products.”

“CXL IDE (Integrity and Data Encryption) and TSP (Trusted-Execution-Environment Security Protocol) rely on DMTF’s SPDM and PQC protocols to meet the industry’s demand for confidential computing,” said Dr. Debendra Das Sharma, Chair of the CXL Consortium. “We are thrilled to continue the evolution of these standards to drive innovation and resilience, delivering a secure, reliable solution for the ecosystem.”

“Robust security is fundamental to the storage ecosystem,” said Amber Huffman, President of NVM Express. “NVM Express is pleased to partner with DMTF on the inclusion of PQC support for the SPDM standard which will enhance secure, reliable storage solutions across the industry.”

“PCI-SIG incorporates Security Protocol and Data Model (SPDM) as part of the PCIe® technology security infrastructure to support authentication, confidentiality and integrity,” said Al Yanes, PCI-SIG President and Board Chair. “The collaboration to advance the SPDM security standard shows that standards groups can successfully join forces to meet industry needs, benefiting all players in the long-run.”

“As a long-time industry alliance partner, SNIA supports DMTF's SPDM and PQC standards, which enhance device authentication, secure communication, and futureproofing against post-quantum threats. This partnership leverages collective strengths, simplifies implementations, and accelerates time-to-market. SNIA Swordfish® and DMTF Redfish® collaborate to manage security aspects, improving user experience and delivering robust solutions. Together, these standards foster innovation and resilience across the industry,” said Richelle Ahlvers, Vice-Chair, SNIA Board of Directors.

“At the Trusted Computing Group (TCG), DMTF’s SPDM and PQC efforts and collaboration are essential to our commitment to security and innovation. SPDM ensures robust device authentication, firmware integrity, and secure communication, while PQC prepares us for the evolving landscape of post-quantum threats," said Rick Martinez, Vice President of TCG. "Together, these standards strengthen and protect devices implementing TCG specifications such as TPM and DICE, and safeguard our ecosystem, building the trust and reliability customers expect.”

About DMTF:

DMTF, an industry standards organization, creates open manageability specifications spanning diverse emerging and traditional IT infrastructures including cloud, virtualization, network, servers, and storage. Member companies and alliance partners worldwide collaborate on standards including Redfish, SPDM, SMBIOS, MCTP, PLDM, and more to improve the interoperable management of information technologies. Nationally and internationally recognized by ANSI and ISO, DMTF standards enable a more integrated and cost-effective approach to management through interoperable solutions. Simultaneous development of Open Source and Open Standards is made possible by DMTF, which has the support, tools, and infrastructure for efficient development and collaboration. For a complete list of our standards and initiatives, visit the Standards and Technologies section of the DMTF website.

DMTF is led by a diverse board of directors from Broadcom Inc.; Cisco; Dell Technologies; Hewlett Packard Enterprise; Intel Corporation; Lenovo; Positivo Tecnologia S.A.; and Verizon.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250528847702/en/

DMTF continues to work closely with global partners and industry leaders to align SPDM with the latest security innovations.