The Department of War's ATO process increasingly demands evidence of cryptographic hygiene, yet most system owners lack systematic visibility into where classical cryptography lives in their environments, what CNSA 2.0 compliance requires of them, or what a credible Post-Quantum Cryptography (PQC) transition will cost.
Drawing on direct operational experience deploying Automated Cryptography Discovery and Inventory (ACDI) tooling across U.S. Army programs worldwide, this session delivers a practitioner's guide to integrating cryptographic discovery into the ATO lifecycle. Topics include standing up ACDI tools in operational DoW environments, translating discovery outputs into eMASS Plan of Action and Milestones (POA&M) entries aligned to FIPS 203/204/205 and CNSA 2.0, building system-level PQC cost estimates for program leadership, and structuring a PQC transition roadmap that integrates with existing Risk Management Framework (RMF) processes.
Attendees will leave with an operational playbook grounded in real Army engagements, for using cryptography discovery as an ATO accelerant rather than a compliance burden, and for giving system owners the data they need to brief, resource, and execute the transition to PQC.