Department of War vertical · DoD RAI · IL4 / IL5 / IL6 · CMMC 2.0 · OCSF v1.8.0

AI shared responsibility for DoD components and the defense industrial base

The DoD Responsible AI Strategy names five principles but assigns no accountable party, specifies no control thresholds, and provides no evidence model. CMMC 2.0 governs contractor cybersecurity but was not designed around AI. This vertical fills both gaps: 53 controls across five SRF layers, parameterized by impact level (IL4, IL5, IL6), with a separate responsibility split for DoD components, DISA, contractors, and cloud service providers.

Experimental schema. This vertical is a proposed extension of the CoSAI Shared Responsibility Framework, developed independently to demonstrate the approach. It is not part of CoSAI SRF v1.0 and has not been endorsed by CoSAI, DoD, DISA, or any government agency. CMMC and DISA requirement references should be verified against current program documentation before use in official contractor or agency submissions.
53 controls · 5 SRF layers · 3 impact levels (IL4 / IL5 / IL6) · 2 system tiers (Non-NSS / NSS)

Impact level and NSS terminology

IL4 (Non-NSS)
Data classification: Controlled Unclassified Information (CUI). No classified data. Excludes National Security Information (NSI).
Cloud authorization path: FedRAMP Moderate baseline + DoD CC SRG IL4 overlay. Commercial cloud providers with a DISA IL4 Provisional Authorization (PA).
Responsibility split note: CSP holds the platform PA. DoD component owns CUI configuration, access policy, and agency-side controls. Contractor systems require CMMC Level 2 for CUI processing.

IL5 (Non-NSS)
Data classification: CUI that requires higher protection than IL4: Privacy Act data, law enforcement sensitive, some export-controlled research. No classified data.
Cloud authorization path: FedRAMP High baseline + DoD CC SRG IL5 overlay. Government-only cloud regions required (GovCloud or equivalent). DISA IL5 PA holders only.
Responsibility split note: Government-community cloud enforces tenant separation. CSP must operate in a US-person-only environment. DoD component retains agency-side controls identical to IL4 but with stricter access vetting.

IL5 (NSS)
Data classification: Unclassified National Security Systems. Processes NSI or directly supports NSS missions as defined in 44 USC 3552(b)(6): intelligence, cryptology, command and control of military forces, or weapons systems.
Cloud authorization path: Government-only cloud region with DISA IL5 PA. CNSS Policy 22 applies. CNSSI 1253 security controls baseline applies in addition to DoD CC SRG.
Responsibility split note: DISA assumes a larger authorization role. The DoD component must document the NSS boundary determination. CSP access restricted to cleared US persons; FOCI mitigation may apply.

IL6 (NSS)
Data classification: Classified information up to and including SECRET. Processed only in classified cloud environments or on-premises classified networks (SIPRNET).
Cloud authorization path: Classified cloud (AWS C2S, Azure Government Secret, Oracle NSR) with DISA IL6 PA. No commercial cloud path. ATO issued by the Component Authorizing Official for Classified (AOSC).
Responsibility split note: CSP operates as a cleared facility under DISA and DoD oversight. Component ISSO and AO remain accountable for classified workload configuration. Contractor access requires a personnel security clearance (Secret or above) and a facility clearance (FCL).

The DoD RAI gap. The DoD Responsible AI Strategy and Implementation Pathway (2022) adopted the five DoD AI Ethical Principles: Responsible, Equitable, Traceable, Reliable, and Governable (RETR-G). The strategy assigns implementation oversight to the Chief Digital and Artificial Intelligence Office (CDAO). Neither the strategy nor subsequent guidance assigns a named accountable party to each principle, specifies a measurable threshold for compliance, or defines the evidence a program office or contractor must produce. This schema fills that gap by binding each principle to a control, a persona, and an OCSF evidence pointer.

The CMMC gap. CMMC 2.0 (32 CFR Part 170, effective December 2024) governs the cybersecurity posture of defense contractors handling CUI and Federal Contract Information (FCI). Level 2 (the 110 requirements of NIST SP 800-171 Rev 2) applies to contractors processing CUI. CMMC was designed around cybersecurity, not AI governance: it has no practice for model transparency, no threshold for human oversight of AI-generated decisions, and no evidence requirement for training data provenance. This schema provides the AI-specific layer that CMMC does not.

The NSS boundary problem. Many DoD AI deployments cross the NSS boundary at runtime rather than at design time: a logistics model deployed at IL4 may later receive NSI as operational context, pushing it into NSS territory. The nss_boundary field on every control in this schema requires the deploying component to make and document an explicit classification determination before deployment, not after.

The IL-split responsibility problem. The DoD Cloud Computing Security Requirements Guide (CC SRG) defines what the CSP must do to earn a DISA Provisional Authorization at each impact level. It does not define what the DoD component or contractor must do on the agency side of that authorization. This schema provides the component-side control catalog, parameterized by IL, with a responsibility_split value on every control.

Responsibility split values

Every control carries exactly one responsibility_split value:

dod-component
disa
contractor
csp
shared

shared means a documented split is required; the accountable party owns the split determination.

Schema design

Accountability plane
SRF layers, DoD RAI principles, and personas

Each control names one accountable persona and aligns to one or more of the five DoD RAI principles (Responsible, Equitable, Traceable, Reliable, Governable). DoD roles (CDAO, Program Manager, ISSO, Contracting Officer) map to SRF personas in the how-to guide, not in the JSON.

Control plane
IL-parameterized thresholds + CC SRG split

Four lifecycle stages: ACQ (acquisition), TEVV (test, evaluation, verification and validation), OPS (operational monitoring), OVR (human oversight and remedy). Control thresholds are parameterized by impact level (IL4, IL5, IL6). Every control also carries a responsibility_split value aligned to the DoD CC SRG and an nss_boundary flag indicating whether the control applies to Non-NSS, NSS, or both environments.

Evidence plane
OCSF v1.8.0 + CMMC assessment artifacts

Machine-readable evidence uses OCSF event classes where a technical signal exists. Governance artifacts (TEVV plan, impact assessment, ATO package, CMMC evidence folder) are named explicitly so assessors and ISSOs know what documents to produce. IL6 evidence requirements note classified artifact handling.
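The three planes above describe one control record: an accountable persona and principle alignment, an IL-keyed threshold with responsibility_split and nss_boundary, and an evidence pointer. The following is an added example (not the project's own code or JSON) that checks the invariants the text states on a control record loaded as a Python dict: the allowed responsibility_split and nss_boundary values, the rule that shared requires a documented split owned by the accountable party, the rule that an IL threshold must be meaningful for the tier the control covers (IL4 is Non-NSS only, IL6 is NSS only per the terminology table), and the IL6 classified-handling note on evidence. It also gives the deploy-time check the NSS boundary section calls for. Field names responsibility_split and nss_boundary come from the page; layer, stage, principles, accountable_persona, thresholds, split_determination, evidence and the control identifier are assumed names, and the sample record is constructed.

```python
"""Constructed validator for one control record of the schema described above.

`responsibility_split` and `nss_boundary` are field names from the page; every
other field name and the sample record below are assumptions for illustration.
"""

SPLIT_VALUES = {"dod-component", "disa", "contractor", "csp", "shared"}
NSS_VALUES = {"non-nss", "nss", "both"}
STAGES = {"ACQ", "TEVV", "OPS", "OVR"}
LAYERS = {"L1", "L2", "L3", "L4", "L5"}
PRINCIPLES = {"Responsible", "Equitable", "Traceable", "Reliable", "Governable"}

# System tiers each impact level is defined for (terminology table):
# IL4 is Non-NSS only, IL5 exists in both tiers, IL6 is NSS only.
IL_TIERS = {"IL4": {"non-nss"}, "IL5": {"non-nss", "nss"}, "IL6": {"nss"}}

REQUIRED = ("id", "layer", "stage", "principles", "accountable_persona",
            "responsibility_split", "nss_boundary", "thresholds", "evidence")


def _tiers_for(nss_boundary):
    """Expand the nss_boundary flag into the set of tiers it covers."""
    return {"non-nss", "nss"} if nss_boundary == "both" else {nss_boundary}


def validate_control(rec):
    """Return a list of violations; an empty list means the record is valid."""
    errs = []
    missing = [k for k in REQUIRED if k not in rec]
    if missing:
        return [f"missing fields: {', '.join(missing)}"]

    if rec["layer"] not in LAYERS:
        errs.append(f"layer {rec['layer']!r} not in {sorted(LAYERS)}")
    if rec["stage"] not in STAGES:
        errs.append(f"stage {rec['stage']!r} not in {sorted(STAGES)}")
    if rec["responsibility_split"] not in SPLIT_VALUES:
        errs.append(f"responsibility_split {rec['responsibility_split']!r} invalid")
    if rec["nss_boundary"] not in NSS_VALUES:
        errs.append(f"nss_boundary {rec['nss_boundary']!r} invalid")
        return errs  # the tier checks below need a valid boundary flag

    bad = set(rec["principles"]) - PRINCIPLES
    if not rec["principles"] or bad:
        errs.append(f"principles must be a non-empty subset of RETR-G, got {sorted(bad)}")

    # shared = documented split required; the accountable party owns it.
    if rec["responsibility_split"] == "shared":
        det = rec.get("split_determination") or {}
        if not det.get("document") or det.get("owner") != rec["accountable_persona"]:
            errs.append("shared split requires split_determination.document "
                        "owned by the accountable persona")

    # Each IL threshold must apply to at least one tier the control covers,
    # so an IL6 threshold cannot sit on a Non-NSS-only control and vice versa.
    tiers = _tiers_for(rec["nss_boundary"])
    for il in rec["thresholds"]:
        if il not in IL_TIERS:
            errs.append(f"unknown impact level {il!r}")
        elif not IL_TIERS[il] & tiers:
            errs.append(f"{il} threshold on a control scoped to {sorted(tiers)}")

    ev = rec["evidence"]
    if not (ev.get("ocsf_class_uid") or ev.get("artifacts")):
        errs.append("evidence needs an OCSF class_uid or a named governance artifact")
    if "IL6" in rec["thresholds"] and not ev.get("classified_handling"):
        errs.append("IL6 evidence must state classified artifact handling")
    return errs


def applies_to(rec, il, tier):
    """Deploy-time check: does this control bind at the given IL and system tier?"""
    return tier in _tiers_for(rec["nss_boundary"]) and il in rec["thresholds"]


# Constructed sample: an L3 human-oversight gate (identifier is hypothetical).
OVERSIGHT_GATE = {
    "id": "L3-OVR-03",
    "layer": "L3", "stage": "OVR",
    "principles": ["Responsible", "Governable"],
    "accountable_persona": "application-developer",
    "responsibility_split": "shared",
    "nss_boundary": "both",
    "split_determination": {"document": "oversight-split-memo.pdf",
                            "owner": "application-developer"},
    "thresholds": {"IL4": {"review_sla_hours": 72},
                   "IL5": {"review_sla_hours": 24},
                   "IL6": {"review_sla_hours": 4}},
    "evidence": {"ocsf_class_uid": 6003,  # OCSF API Activity, placeholder choice
                 "artifacts": ["TEVV plan"],
                 "classified_handling": "IL6 review records stay on SIPRNET"},
}


def demo():
    """Validate the good record and a broken copy: shared without a split
    document, and an IL6 threshold on a control scoped to Non-NSS only."""
    bad = dict(OVERSIGHT_GATE, nss_boundary="non-nss")
    del bad["split_determination"]
    return validate_control(OVERSIGHT_GATE), validate_control(bad)


if __name__ == "__main__":
    good, bad = demo()
    print("good:", good or "no violations")
    print("bad:", *bad, sep="\n  ")
    print("binds at IL5/NSS:", applies_to(OVERSIGHT_GATE, "IL5", "nss"))
```

The validator returns the full list of violations rather than raising on the first one, so an assessor can see every defect in a record at once; applies_to is the piece a deployment pipeline would call with the component's documented IL and NSS determination before a model is promoted.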

Coverage by layer

L1 Governance and processes (11 controls)
AI use case registry (DoD AI portfolio, CDAO reporting), Responsible AI Officer designation, AI Governance Board with CDAO oversight, DoD RAI compliance plan, five-principle alignment assessment (RETR-G), AI acquisition requirements per DoDI 5000.90, supply chain AI risk assessment, operator and commander training, incident reporting to CDAO, NSS boundary classification determination. Accountable persona: ai-system-governance.

L2 Data and input control (10 controls)
CUI classification and marking on AI inputs and outputs, IL-level data boundary enforcement (tenant isolation by impact level), training data authority-to-use documentation, data egress controls per classification, adversarial input detection, bias and disparate impact monitoring on consequential decisions, NARA-compliant audit log retention for AI decisions, contractor data isolation from DoD data planes. Accountable personas: data-provider and application-developer.

L3 Application and integration (11 controls)
TEVV plan and execution (pre-deployment test, evaluation, verification and validation per DoDI 5000.89), AI impact assessment before operational deployment, human oversight gate for use-of-force-adjacent and consequential administrative decisions, operator interface override capability, remedy and appeal mechanism for adverse decisions, agentic task boundary enforcement, prompt injection detection, inheritance chain documentation for shared services, plain-language explanation of AI-generated outputs for operators. Accountable personas: application-developer and agentic-platform-provider.

L4 Platform and infrastructure (12 controls)
DISA Provisional Authorization at the required IL (IL4, IL5, or IL6), STIG baseline configuration enforcement, IL-appropriate cloud region enforcement (commercial / government-only / classified), CUI encryption with FIPS 140-validated modules and classified data encryption to NSA-approved standards, audit log completeness per DISA requirements, API gateway authentication and authorization, CMMC Level 2 or 3 assessment for contractor-owned platforms, continuous vulnerability scanning (DISA ACAS), mission-critical AI availability SLA, network isolation enforcement by IL boundary. Accountable personas: ai-platform-provider and agentic-platform-provider.

L5 Model and supplier (9 controls)
Model transparency card and documentation per DoDI 5000.90 and M-25-22 transparency terms, vendor drift disclosure SLA, model artifact signing and bill of AI materials (BoAIM), vulnerability disclosure SLA and patch cadence, model portability to avoid lock-in, re-validation trigger on version change, personnel security clearance requirement for access to IL6 model infrastructure. Accountable persona: model-provider.

GovRAMP crosswalk and CMMC practice-to-control mapping are on the roadmap. IL6 classified cloud providers (C2S, Azure Government Secret, Oracle NSR) will receive separate evidence pointer annotations once classified-environment OCSF implementation guidance is available.

Regulatory crosswalk

DoD RAI Strategy (2022)
DoDI 5000.90 (AI Acquisition)
DoDI 5000.89 (TEVV)
DoD Directive 3000.09 (Autonomy in Weapon Systems)
DoD CC SRG (IL4 / IL5 / IL6)
CMMC 2.0 (32 CFR Part 170)
NIST SP 800-171 Rev 3
NIST SP 800-172
CNSSI 1253 (NSS baseline)
CNSS Policy 22 (NSS cloud)
NIST AI RMF 1.0
NIST AI 600-1
DISA STIGs
OWASP LLM Top 10
DFARS 252.204-7012 (CUI safeguarding)