System and Communications Protection

11 controls

SC-7

Boundary Protection

Parameters

The SL5 Network encompasses SL5 model development, training, and deployment operations. External network connections are prohibited to prevent unauthorized access and exfiltration while supporting SL5...

SC-7(10)

Prevent Exfiltration

Organizations prevent exfiltration of covered models through physical bandwidth limitation on outbound flows from Weight Enclaves. Hardware-enforced rate limiting provides deterministic throughput cap...

SC-7(21)

Isolation of System Components

Parameters

Weight Enclaves isolate systems requiring direct access to covered models within the SL5 Network. This isolation protects against weight exfiltration while enabling operations such as training, infere...

SC-8(1)

Cryptographic Protection

Parameters

Accelerator Interconnect Encryption: AI accelerators within Weight Enclaves cryptographically protect all data transmitted over chip-to-chip interconnects (e.g., NVLink, UALink, custom fabrics). Hardw...

SC-8(5)

Protected Distribution System

Parameters

All Weight Enclave network traffic leaving the Red Zone perimeter requires PDS per CNSSI 7003. Unlike standard SCIF requirements (which apply only to unencrypted traffic), SL5 requires PDS for all Wei...

SC-13

Cryptographic Protection

This standard specifies FIPS 140-3 Level 3 module validation for inline network encryptors at inter-facility boundaries per SC-8(1). Cryptographic uses and types for other contexts are specified by ap...

SC-15(3)

Disabling and Removal in Secure Work Areas

Parameters

No wireless devices or collaborative computing devices (cameras, microphones, video conferencing) are permitted in Red Zones. All equipment must be hardwired with wireless capabilities physically remo...

SC-28(3)

Cryptographic Keys

Parameters

AI accelerators within Weight Enclaves provide a dedicated secure element for cryptographic keys used in encrypted data paths and attestation. The host system cannot access this key storage....

SC-29

Heterogeneity

Parameters

The organization deploys at least two inline network encryptors from different suppliers in series for each inter-facility connection, consistent with the NSA “Rule of Two” [14]. Different suppliers m...

SC-32

System Partitioning

Weight Enclaves constitute separate physical and logical domains within the SL5 Network. This partitioning protects covered models from unauthorized access by other SL5 Network components while enabli...

SC-49

Hardware-Enforced Separation and Policy Enforcement

Parameters

AI accelerators within Weight Enclaves implement hardware-enforced separation establishing the accelerator as an independent security domain from the host. The accelerator prevents memory access from ...
