Hardware-Enforced Separation and Policy Enforcement
System and Communications Protection
NIST Control Text
Implement hardware-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains].
NIST Discussion
System owners may require additional strength of mechanism and robustness to ensure domain separation and policy enforcement for specific types of threats and environments of operation. Hardware-enforced separation and policy enforcement provide greater strength of mechanism than software-enforced separation and policy enforcement.
Parameter Values
Assignment (security domains): AI accelerator secure execution environment; host system
SL5 Supplemental Guidance
AI accelerators within Weight Enclaves implement hardware-enforced separation establishing the accelerator as an independent security domain from the host. The accelerator prevents memory access from the host to regions containing sensitive data via DMA or other mechanism. This configuration is controlled by the accelerator and not the host. The host cannot override these policies even with privileged access.
The accelerator must revoke host memory access before decryption begins and ensure data is encrypted before restoring host access.