SL5 Standard for AI Security
A NIST SP 800-53 overlay for frontier AI infrastructure achieving nation-state-level security by 2028/2029.
43 controls across 10 families - January 2026
Five Security Streams
The SL5 architecture addresses security across five complementary domains.
Network Security
Air-gapped networks, Weight Enclaves, encrypted inter-facility links
Physical Security
ICD 705 facilities, TEMPEST countermeasures, intrusion detection
Machine Security
Hardware root-of-trust, memory isolation, interconnect encryption
Personnel Security
Five-tier sensitivity levels, vetting, continuous monitoring
Supply Chain Security
Hardware integrity, adversarial content screening, supplier governance
Control Specifications
NIST SP 800-53 overlay organized by control family. 43 controls covering requirements with long lead times.
Access Control
4 controls
Configuration Management
1 control
Identification and Authentication
1 control
Physical and Environmental Protection
3 controls
Program Management
1 control
Personnel Security
3 controls
System and Services Acquisition
5 controls
Supply Chain Risk Management
9 controls
System and Communications Protection
11 controls
System and Information Integrity
5 controls
Referenced Frameworks
Context
Background material, threat landscape, and supplementary documentation.
Introduction
Mission, scope, and document overview
Threat Model
Adversaries, targets, and attack vectors
Security Architecture
Five security streams in depth
ICD 705 Facility Requirements
Physical security construction requirements
Open Questions
Areas of active research and uncertainty
References
31 cited standards and publications