Executive Order 14409, signed June 22, 2026, mandates federal agency migration of high-value assets to NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) post-quantum cryptography standards by December 31, 2030, compressing the prior NSM-10 timeline by four to five years. The harvest-now-decrypt-later threat model means exposure is retrospective and ongoing. Federal contractors should expect FAR rule changes extending these obligations; enterprise security teams should begin cryptographic inventory work now regardless of direct regulatory applicability.