This standard may be used by Federal departments and agencies when the following conditions apply:
1. A certified official or manager liable for data security or the security of any computer system decides that cryptographic security is required; and
2. The data is not classified according to the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended. Federal agencies or departments which use cryptographic devices for protecting data classified according to either of these acts can use those devices for protecting unclassified data in lieu of the standard.
Other FIPS accepted cryptographic algorithms may be used in addition to, or in lieu of, this standard when implemented in accordance with FIPS 140-1.
In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is confident when it provides the desired security for commercial and private organizations.