H.R. 3259 would require the National Institute of Standards and Technology (NIST), in consultation with the Department of Homeland Security, to issue and promote standards to protect against advanced cyberattacks using post-quantum cryptography (a new form of encryption). The bill also would allow NIST to provide technical assistance and award grants to entities at high risk of such attacks to support adoption of those standards.
The estimated budgetary effects of the legislation are shown in Table 1. The costs of the legislation fall within budget function 250 (General Science, Space, and Technology).
Based on the cost of a similar cybersecurity grant program administered by the Department of Homeland Security and funded at $250 million annually for all state and local entities, CBO estimates that a more targeted grant program under the bill would cost about $30 million each year. Because NIST is already developing relevant standards, CBO expects that the agency would implement that requirement using existing resources. Based on the cost of similar activities, CBO estimates that the administrative and reporting requirements would cost less than $500,000 over the 2026-2031 period.
In total, and after accounting for anticipated inflation, CBO estimates that implementing the bill would cost $104 million over the 2026-2031 period. Such spending would be subject to the availability of appropriated funds.
Table 1.
Estimated Budgetary Effects of H.R. 3259
By Fiscal Year, Millions of Dollars
2026
2027
2028
2029
2030
2031
2026-2031
Increases in Spending Subject to Appropriation
Estimated Authorization
*
30
31
32
32
33
158
Estimated Outlays
*
10
15
21
27
31
104
* = between zero and $500,000.
The CBO staff contact for this estimate is Emma Uebelhor. The estimate was reviewed by H. Samuel Papenfuss, Deputy Director of Budget Analysis.
