Page:FACT SHEET - CNSS Policy No. 15, Fact Sheet No. 1.pdf/1



June 2003 Background

(1) Federal Information Federal Information Processing Standard (FIPS) No. 197, dated 26 November 2001, promulgated and endorsed the Advanced Encryption Standard (AES) as the approved algorithm for protecting sensitive (unclassified) electronic data. Since that time, questions have arisen whether AES (or products in which AES is implemented) can or should be used to protect classified information and at what levels. Responsive to those questions, the National Security Agency (NSA) has conducted a review and analysis of AES and its applicability to the protection of national security systems and/or information. The policy guidance documented herein reflects the results of those efforts.

Introduction

(2) In the context of today’s complex world and even more complex communicating environments, the need for protecting information takes on added importance and significance. The protection of information is not solely dependent on the mathematical strength of an algorithm that may be a part of a communications security device or a communications system, nor is the selection of that algorithm based only on the classification of the information to be protected. Many factors come into play in deciding what algorithm can or should be used to satisfy a particular requirement. These include:


 * - The quality of implementation of the algorithm in specific software, firmware, or hardware
 * - Operational requirements associated with U.S. Government-approved key and key management activities;