6.4.1 Can the RSA algorithm be exported from the United States?
Export of the RSA algorithm falls under the same U.S. laws as all other cryptographic products (see the beginning of Section 6.4).
Earlier, the RSA algorithm used for authentication was more easily exported than RSA used for privacy. In the former case, export was allowed regardless of key (modulus) size, although the exporter had to demonstrate that the product could not be easily converted to use the RSA algorithm for encryption. The RSA algorithm for export was generally limited to 512 bits for key management purposes, while the use of RSA for data encryption was generally prohibited.
Regardless of U.S. export policy, RSA has been available abroad in non-U.S. products for several years.