Page:FACT SHEET - CNSS Policy No. 15, Fact Sheet No. 1.pdf/3

CNSS Policy No. 15, FS-1 June 2003 Responsibilities

(8) U.S. Government Departments or Agencies desiring to use security products implementing AES to protect national security systems and/or information, or other mission critical information related to national security, should submit the details of their requirements to the Director, National Security Agency (ATTN: IA Directorate, V1) for review. NSA will employ established programs (e.g., NSA sponsored developments, the Commercial COMSEC Endorsement Program (CCEP), or the User Partnership Program) in developing and certifying AES security products for these requirements.

(9) The Director, National Security Agency shall:
 * - Review and approve all cryptographic implementations intended to protect national security systems and/or national security information.
 * - Provide advice and assistance to U.S. Government Departments and Agencies in identifying protection requirements and selecting the encryption algorithms and product implementations most appropriate to their needs.

(10) The Director, National Institute and Standards (NIST) shall provide advice and assistance to U.S. Government Departments and Agencies regarding the use of AES for protecting sensitive (unclassified) electronic data.