National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information [open pdf - 435KB]
Federal Information Processing Standard (FIPS) No. 197, dated 26 November 2001, promulgated and endorsed the Advanced Encryption Standard (AES) as the approved algorithm for protecting sensitive (unclassified) electronic data. Since that time, questions have arisen whether AES (or products in which AES is implemented) can or should be used to protect classified information and at what levels. Responsive to those questions, the National Security Agency (NSA) has conducted a review and analysis of AES and its applicability to the protection of national security systems and/or information. The policy guidance documented herein reflects the results of those efforts.
CNSS Policy No. 15, Fact Sheet No. 1
Committee on National Security Systems: http://www.cnss.gov