System and Communications Protection

The SL5 Network encompasses SL5 model development, training, and deployment operations. External network connections are prohibited to prevent unauthorized access and exfiltration while supporting SL5...

Organizations prevent exfiltration of covered models through physical bandwidth limitation on outbound flows from Weight Enclaves. Hardware-enforced rate limiting provides deterministic throughput cap...

Weight Enclaves isolate systems requiring direct access to covered models within the SL5 Network. This isolation protects against weight exfiltration while enabling operations such as training, infere...

Accelerator Interconnect Encryption: AI accelerators within Weight Enclaves cryptographically protect all data transmitted over chip-to-chip interconnects (e.g., NVLink, UALink, custom fabrics). Hardw...

All Weight Enclave network traffic leaving the Red Zone perimeter requires PDS per CNSSI 7003. Unlike standard SCIF requirements (which apply only to unencrypted traffic), SL5 requires PDS for all Wei...

This standard specifies FIPS 140-3 Level 3 module validation for inline network encryptors at inter-facility boundaries per SC-8(1). Cryptographic uses and types for other contexts are specified by ap...

No wireless devices or collaborative computing devices (cameras, microphones, video conferencing) are permitted in Red Zones. All equipment must be hardwired with wireless capabilities physically remo...

AI accelerators within Weight Enclaves provide a dedicated secure element for cryptographic keys used in encrypted data paths and attestation. The host system cannot access this key storage....

The organization deploys at least two inline network encryptors from different suppliers in series for each inter-facility connection, consistent with the NSA “Rule of Two” [14]. Different suppliers m...

Weight Enclaves constitute separate physical and logical domains within the SL5 Network. This partitioning protects covered models from unauthorized access by other SL5 Network components while enabli...

AI accelerators within Weight Enclaves implement hardware-enforced separation establishing the accelerator as an independent security domain from the host. The accelerator prevents memory access from ...