Industry Standards Groups Advance Security with SPDM Standard

DMTF (formerly known as the Distributed Management Task Force) and several of its industry partners (CXL Consortium, NVM Express, Inc., PCI-SIG, SNIA, and Trusted Computing Group) announced the continued evolution of the Security Protocol and Data Model (SPDM) standard, expanding its capabilities to support post-quantum cryptography (PQC) and aligning with the National Security Agency’s Commercial National Security Algorithm (CNSA) 2.0 Suite.

As global cybersecurity threats grow in complexity, the need for resilient, future-proofed security standards has never been greater.

SPDM provides a robust framework for secure device communication, enabling authentication, confidentiality, and integrity for devices across a wide range of industries. With the upcoming CNSA 2.0 regulations on the horizon, industry standards organizations remain committed to staying ahead of emerging security challenges by incorporating PQC support and alignment with CNSA 2.0. This advancement ensures that SPDM remains at the forefront of secure device communication, protecting against quantum-enabled threats that could compromise current cryptographic methods.

“DMTF’s SPDM standard has been instrumental in establishing the integrity of infrastructure and advancing secure device communication across the industry. As we prepare for the transition to PQC, SPDM’s adaptable and robust framework ensures that devices remain protected against emerging threats,” said Jeff Hilland, president, DMTF. “We fully support the evolution of SPDM to incorporate PQC, safeguarding the future of secure authentication and data integrity in an increasingly complex cybersecurity landscape. We’re proud to collaborate with other industry standards organizations to maintain a unified approach to cybersecurity.”

DMTF continues to work closely with global partners and industry leaders to align SPDM with the latest security innovations. This swift action reflects this collective effort, emphasizing interoperability, resilience, and advanced cryptographic protections.

“Broadcom is pleased to collaborate with DMTF to enable the ecosystem with security innovations critical for encryption and authentication protection in the data center,” said Jas Tremblay, VP and GM, data center solutions group, Broadcom, Inc. “Our PCIe Ethernet NICs and NVMe storage adapters utilize DMTF’s SPDM and PQC standards to help protect against emerging cybersecurity and post-quantum threats.”

“HPE is committed to advancing end-to-end security from edge to cloud and this requires building technology today that ensures future security in a post-quantum world,” said Fidelma Russo, EVP and GM, hybrid cloud and CTO, HPE. “We believe Post Quantum Cryptography in DMTF’s SPDM will ensure robust, future-proof protection for hardware authentication and verification. This evolution is crucial in defending against quantum-enabled threats and why we have deployed quantum cryptography in our server infrastructure and are expanding this across our technology portfolio.”

“Post-quantum resilience is our goal for Intel platforms in the coming years,” said Ronak Singhal, senior Fellow and chief architect, Xeon Roadmap, Intel Corp. “As a co-developer of the DMTF specification, Intel supports the PQC-ready SPDM standard as a critical step toward security and resilience in the emerging quantum computing era.”

“SPDM and PQC are essential to our commitment to platform security which is an absolute imperative,” said Chris Dreikosen, VP, Chief quality and security officer, Lenovo Infrastructure Solutions Group. “This enhancement to DMTF’s SPDM standard, by incorporating PQC, will enable additional security capabilities that help us meet the demands of Lenovo customers and the industry at large.”

“Supermicro supports the critical work of DMTF’s SPDM and PQC to establish industry-wide security and interoperability standards,” said Arun Kalluri, VP, software products, Supermicro, Inc. “Security continues to be a critical issue for the industry and Supermicro is committed to collaborating with and supporting the leading industry standard and open-source efforts, including aggressively implementing SPDM and PQC in our extensive portfolio of Cloud, AI, Storage and Edge products.”

“CXL IDE (Integrity and Data Encryption) and TSP (Trusted-Execution-Environment Security Protocol) rely on DMTF’s SPDM and PQC protocols to meet the industry’s demand for confidential computing,” said Dr. Debendra Das Sharma, chair, CXL Consortium. “We are thrilled to continue the evolution of these standards to drive innovation and resilience, delivering a secure, reliable solution for the ecosystem.”

“Robust security is fundamental to the storage ecosystem,” said Amber Huffman, president, NVM Express. “NVM Express is pleased to partner with DMTF on the inclusion of PQC support for the SPDM standard which will enhance secure, reliable storage solutions across the industry.”

“PCI-SIG incorporates Security Protocol and Data Model (SPDM) as part of the PCIe technology security infrastructure to support authentication, confidentiality and integrity,” said Al Yanes, president and board chair, PCI-SIG. “The collaboration to advance the SPDM security standard shows that standards groups can successfully join forces to meet industry needs, benefiting all players in the long-run.”

“As a long-time industry alliance partner, SNIA supports DMTF’s SPDM and PQC standards, which enhance device authentication, secure communication, and futureproofing against post-quantum threats. This partnership leverages collective strengths, simplifies implementations, and accelerates time-to-market. SNIA Swordfish and DMTF Redfish collaborate to manage security aspects, improving user experience and delivering robust solutions. Together, these standards foster innovation and resilience across the industry,” said Richelle Ahlvers, vice-chair, board of directors, SNIA.

“At the Trusted Computing Group (TCG), DMTF’s SPDM and PQC efforts and collaboration are essential to our commitment to security and innovation. SPDM ensures robust device authentication, firmware integrity, and secure communication, while PQC prepares us for the evolving landscape of post-quantum threats,” said Rick Martinez, VP, TCG (Trusted Computing Group). “Together, these standards strengthen and protect devices implementing TCG specifications such as TPM and DICE, and safeguard our ecosystem, building the trust and reliability customers expect.”