References

Standards, publications, and resources referenced in the SL5 Standard

1. 1

   S. Nevo, D. Lahav, A. Karpur, Y. Bar-On, H. Alexander Bradley, and J. Alstott, “Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models,” RAND Corporation, Santa Monica, CA, USA, RR-A2849-1, 2024. doi: 10.7249/RRA2849-1. [Online]. Available: https://www.rand.org/pubs/research_reports/RRA2849-1.html

2. 2

   Joint Task Force, “Security and Privacy Controls for Information Systems and Organizations,” NIST Special Publication 800-53, Rev. 5 (Final; includes updates as of Dec. 10, 2020), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, Sep. 2020. doi: 10.6028/NIST.SP.800-53r5. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

3. 3

   J. Boyens, A. Smith, N. Bartol, K. Winkler, A. Holbrook, and M. Fallon, “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” NIST Special Publication 800-161 Revision 1 Update 1 (includes updates as of Nov. 1, 2024), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, May 2022. doi: 10.6028/NIST.SP.800-161r1-upd1. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-upd1.pdf

4. 4

   Committee on National Security Systems, “Security Categorization and Control Selection for National Security Systems,” CNSSI No. 1253, Mar. 27, 2014. [Online]. Available: https://www.dcsa.mil/Portals/69/documents/io/rmf/CNSSI_No1253.pdf

5. 5

   FedRAMP Program Management Office, “FedRAMP Security Controls Baseline” (spreadsheet), FedRAMP. [Online]. Available: https://www.fedramp.gov/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx

6. 6

   Office of the Director of National Intelligence, “Sensitive Compartmented Information Facilities,” Intelligence Community Directive (ICD) 705 (Effective: 26 May 2010). [Online]. Available: https://www.intelligence.gov/assets/documents/intelligence-community-directives/ICD_705.pdf

7. 7

   Office of the Director of National Intelligence, “Physical and Technical Security Standards for Sensitive Compartmented Information Facilities,” Intelligence Community Standard (ICS) 705-1 (Effective: 17 September 2010). [Online]. Available: https://www.dni.gov/files/NCSC/documents/Regulations/ICS-705-1.pdf

8. 8

   Committee on National Security Systems, Protected Distribution Systems (PDS), CNSSI No. 7003, 2015. [Online]. Available: https://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf

9. 9

   National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92, “Compromising Emanations Laboratory Test Requirements, Electromagnetics,” National Security Agency, 1992. [Online]. Available: https://cdn.preterhuman.net/texts/government_information/intelligence_and_espionage/homebrew.military.and.espionage.electronics/servv89pn0aj.sn.sourcedns.com/_gbpprorg/mil/vaneck/nsa/nt1-92-1-5.htm

10. 10

    National Security Agency, “Specification for RF Shielded Enclosures,” NSA No. 94-106, Fort Meade, MD, USA. [Online]. Available: https://linas.org/mirrors/cryptome.org/20050616.nsa94-106.pdf

11. 11

    National Institute of Standards and Technology, Security Requirements for Cryptographic Modules, FIPS PUB 140-3, Mar. 2019. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf

12. 12

    NIST, “FIPS 140-3 Adopts ISO/IEC Standards,” ITL Bulletin, May 2019. [Online]. Available: https://csrc.nist.gov/files/pubs/shared/itlb/itlbul2019-05.pdf

13. 13

    NIST, “Cryptographic Module Validation Program (CMVP) – FIPS 140-3 Standards,” NIST CSRC Project Documentation. [Online]. Available: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-standards

14. 14

    National Security Agency, “Commercial Solutions for Classified (CSfC) Program — Customer Handbook,” Feb. 6, 2021. [Online]. Available: https://media.defense.gov/2021/Apr/02/2002613880/-1/-1/0/CSFC%20PMO%20CUSTOMER%20HANDBOOK_02062021.PDF/CSFC%20PMO%20CUSTOMER%20HANDBOOK_02062021.PDF

15. 15

    Confidential Computing Consortium, “Confidential Computing: Hardware-Based Trusted Execution for Applications and Data,” CCC White Paper, v1.3, Nov. 2022. [Online]. Available: https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC_outreach_whitepaper_updated_November_2022.pdf

16. 16

    NVIDIA Corp., “Confidential Computing on NVIDIA H100 GPUs for Secure and Trustworthy AI,” NVIDIA Technical Blog, Aug. 2023. [Online]. Available: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/

17. 17

    A. Dhar et al., “Ascend-CC: Confidential Computing on Heterogeneous NPUs for Emerging Generative AI Workloads,” arXiv:2407.11888, 2024. [Online]. Available: https://arxiv.org/abs/2407.11888

18. 18

    B. Biggio and F. Roli, “Wild Patterns: Ten years after the rise of adversarial machine learning,” Pattern Recognit., vol. 84, pp. 317–331, Dec. 2018. [Online]. Available: https://arxiv.org/pdf/1712.03141.pdf

19. 19

    N. Papernot, P. McDaniel, A. Sinha, and M. P. Wellman, “SoK: Security and Privacy in Machine Learning,” in Proc. IEEE European Symposium on Security and Privacy (EuroS&P), 2018. [Online]. Available: https://oaklandsok.github.io/papers/papernot2018.pdf

20. 20

    The SL5 Task Force, "SL5 Novel Recommendations," preliminary, Nov. 2025. [Online]. Available: https://sl5.org/projects/sl5-novel-recommendations

21. 21

    U.S. Department of Defense, Defense Federal Acquisition Regulation Supplement (DFARS), “252.239-7000 — Protection Against Compromising Emanations (OCT 2019)” (printable PDF), Acquisition.gov. [Online]. Available: https://www.acquisition.gov/node/36728/printable/pdf

22. 22

    Office of the Director of National Intelligence, “Standards for the Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities,” Intelligence Community Standard (ICS) 705-02, Dec. 22, 2016. [Online]. Available: https://www.dni.gov/files/NCSC/documents/Regulations/ICS_705-2_Standards_for_Accreditation_Reciprocal_Use_of_SCIFs.pdf

23. 23

    National Counterintelligence and Security Center, Office of the Director of National Intelligence, “Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities,” VERSION 1.5 (IC Tech Spec – for ICD/ICS 705), Mar. 13, 2020. [Online]. Available: https://www.dni.gov/files/Governance/IC-Tech-Specs-for-Const-and-Mgmt-of-SCIFs-v15.pdf

24. 24

    NVIDIA Corp., “NVIDIA Secure AI with Blackwell and Hopper GPUs,” White Paper, WP-12554-001_v1.3, Aug. 2025. [Online]. Available: https://docs.nvidia.com/nvidia-secure-ai-with-blackwell-and-hopper-gpus-whitepaper.pdf

25. 25

    National Institute of Standards and Technology, “NIST Releases Revision to SP 800-53 Security and Privacy Controls,” Computer Security Resource Center (CSRC), Aug. 27, 2025. [Online]. Available: https://csrc.nist.gov/News/2025/nist-releases-revision-to-sp-800-53-controls

26. 26

    The SL5 Task Force, "The Sensitivity Levels Framework (SenLs)," Nov. 2025. [Online]. Available: https://sl5.org/projects/sensitivity-levels-framework

27. 27

    Office of the Under Secretary of Defense for Acquisition and Sustainment, "Trusted Supplier Programs," Defense Microelectronics Activity (DMEA), Trusted Access Program Office (TAPO). [Online]. Available: https://www.acq.osd.mil/asds/dmea/tapo/trusted-supplier-programs.html

28. 28

    Committee on National Security Systems, "Committee on National Security Systems (CNSS) Glossary," CNSSI No. 4009, Apr. 6, 2015. [Online]. Available: https://www.dni.gov/files/NCSC/documents/nittf/CNSSI-4009_National_Information_Assurance.pdf

29. 29

    S. Altman, J. Pachocki, and W. Zaremba, “Sam, Jakub, and Wojciech on the future of OpenAI with audience Q&A,” YouTube, Oct. 29, 2025. Accessed: Feb. 9, 2026. [Online Video]. Available: https://www.youtube.com/watch?v=ngDCxlZcecw

30. 30

    D. Amodei, “The Adolescence of Technology,” Dario Amodei Blog, January 2026. [Online]. Available: https://www.darioamodei.com/essay/the-adolescence-of-technology

31. 31

    SL5 Task Force, “Sensitivity Levels Framework,” SL5 Task Force – Security Level 5 for Frontier AI. [Online]. Available: https://sl5.org/projects/sensitivity-levels-framework