Federal mandates (NIST FIPS 203/204/205, NSM-10, OMB M-23-02) set 2030 as the deadline for migrating to post-quantum cryptography. The primary blocker is cryptographic asset discovery — most organizations cannot locate every instance of quantum-vulnerable RSA, ECC, and Diffie-Hellman across their IT and OT environments. Organizations that have not begun CBOM (Cryptographic Bill of Materials) inventory work are already behind schedule given typical OT remediation timelines of 3-7 years.