With a reduced workforce and decreased funding, the National Institute for Standards and Technology (NIST) begins 2026 tasked with ensuring the nation’s cybersecurity and national security demands are met. The agency is navigating the challenge of staying ahead of technological threats while adjusting to a headcount loss exceeding 700 staff since the previous year. Despite shrinking resources, areas like artificial intelligence, cybersecurity, and post-quantum encryption remain central priorities for NIST’s mission. As the federal government targets a shift to quantum-resistant cryptography, NIST must support critical upgrades in IT security and standards across agencies. Agency officials emphasize the necessity of smarter prioritization under resource constraints, with some workforce reductions addressed through voluntary departures and position deferments. The changes come at a time when expectations from both policymakers and the public remain high regarding federal cyber infrastructure and resilience.
Compared to earlier reporting on NIST’s resource challenges, this update highlights a sharper drop in staff, with recent figures indicating notable acceleration in workforce reductions. Whereas earlier years saw NIST primarily focused on standard-setting and validation initiatives at a steady pace, current reports point to significant efforts at clearing approval backlogs despite a smaller team. Previous concerns mainly involved balancing regulation updates with evolving technology; now, resource scarcity makes maintaining timely validation and trust in cryptographic standards a pressing requirement. There has also been a greater emphasis than before on the urgency to prepare for post-quantum cryptography and the associated deadlines for phasing out older algorithms such as RSA.
How Is NIST Managing With Fewer Resources?
NIST’s Information Technology Laboratory (ITL), directed by Kevin Stine, now operates with 289 employees following a loss of nearly a quarter of its staff. Funding for laboratory programs has been cut by $13 million under the latest Congressional spending package. Given these environments, NIST is pressing ahead with a more focused approach to its technical work and strategic priorities.
“It’s forcing a very focused discussion on prioritization of our activities,” said Stine. “Certainly critical emerging technologies and anything aligned with the new NIST strategy, as well as administration priorities, are going to be top of the list and we will adequately resource those.”
The lab’s resources, therefore, are being actively redirected toward federal cybersecurity and post-quantum encryption standards, pushing less urgent projects to the sidelines.
What Impact Have Staffing Reductions Had on Encryption Validation?
Technical work in NIST’s computer security division, such as cryptographic module validation, has seen operational slowdowns. Reduced staff has forced reliance on automation and improved processes to keep up with demand. David Hawes, who manages the cryptography validation program, notes that while average validation times once took nearly a year, the backlog has been reduced from about two years to roughly six months due to concerted efforts.
“I would say [our progress to date] was in spite of the loss,” he said. “We’d be a lot better off in terms of the queue lane now had we not lost the people recently that we did.”
Despite efficiency increases, expired or departing junior staff have hampered traditional review processes, which historically involved careful human vetting of complex documentation.
Can NIST Meet the Post-Quantum Deadline?
Federal agencies face a mandate to switch from existing encryption standards, such as RSA, to new quantum-resistant algorithms by 2030. NIST is facilitating this transition, already testing its first post-quantum cryptographic module. Hawes remarked that resolving validation backlogs is seen as the most effective way NIST can aid the migration. The migration process introduces added complexity, as agencies must both identify vulnerable systems and upgrade them under tight deadlines, relying on NIST for technical assurance.
NIST’s approach amid staffing and budgetary pressures shows the intricate dynamics of securing federal technologies. Although automation and workflow changes have allowed some progress, persistent resource shortages prompt new questions about maintaining high standards and trust in IT security. Agencies dependent on NIST cryptographic validation will watch closely to see if the organization can keep pace with emerging threats and evolving global standards without falling behind. For stakeholders concerned about future encryption effectiveness, understanding NIST’s shifting priorities and ongoing constraints will remain essential. Organizations handling sensitive government data must ensure that they keep abreast of validated cryptographic modules and the phasing out of legacy algorithms ahead of the federal deadline, as this will impact procurement and security compliance across sectors.
