AES is the FIPS-approved block cipher for confidentiality, but most failures come from unsafe use around the cipher.
This page explains what FIPS 197 specifies and how to use AES safely in real systems.
Structured answer sets in this page tree.
Cited legal and guidance references.
FIPS 197, updated on 9 May 2023 as FIPS 197 upd1, specifies the Advanced Encryption Standard. It defines three members of the Rijndael family: AES-128, AES-192, and AES-256. All use a fixed 128-bit block size, and the key length determines the variant. The practical engineering problem is not the round function itself. It is safe usage: approved mode selection, IV or nonce rules, key handling, and evidence that your implementation matches your assurance claims.
FIPS 197 is the algorithm standard. It defines AES as a symmetric block cipher with a fixed 128-bit block and key lengths of 128, 192, or 256 bits.
It does not by itself specify a secure application profile for files, APIs, or network protocols. The standard says AES shall be used with a FIPS-approved or NIST-recommended mode of operation. That means teams have to govern the full bundle: AES plus mode plus IV or nonce rules plus key lifecycle.
Most AES failures are not failures of the cipher. They are failures of mode choice, IV reuse, weak key separation, or sloppy error handling.
Treat AES usage as a controlled bundle. If any one part of the bundle is uncontrolled, the overall design can fail even when the algorithm is correct.
AES deployments go wrong when secure defaults are optional or when different runtimes quietly pick different configurations. The safest pattern is to publish a narrow approved-configuration set per supported product version and environment.
That matters even more in FIPS 140-3 contexts, because the approved-mode story must be consistent across documentation, test evidence, and runtime behavior.
Even if you are not pursuing immediate module validation, customers and internal reviewers will ask the same questions: where is AES used, what parameters are allowed, and how do you prevent misuse.
Build the evidence pack as a byproduct of engineering work rather than as a late-stage audit exercise.
Research Copilot can take FIPS Crypto Algorithms AES (FIPS 197) from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on FIPS Crypto Algorithms can keep owners, evidence, and next steps aligned without copying this guide into separate documents.
Start from FIPS Crypto Algorithms AES (FIPS 197) and answer scope, timing, and interpretation questions with cited outputs.
Review your current process, evidence gaps, and next steps for FIPS Crypto Algorithms AES (FIPS 197).