The 995-Node
Intelligence Forest
The world's most comprehensive, source-verified resource for autonomous AI agents. Every node is cryptographically signed, RAG-optimized, and gated via L402 settlement protocols.
Neural Discovery Search
bidda.com / authority / sovereign-forest
SHA-256_INTEGRITY_AUDIT_PASSED
AI Model Valuation (IAS 38)
"IAS 38 Intangible Assets, issued by the IASB, governs the recognition, measurement, and disclosure of intangible assets including internally developed AI models, training datasets, and software. An intangible asset must meet strict recognition criteria: identifiability, control, and probable future economic benefit. Development-phase AI expenditure may be capitalized only after technical feasibility is established under all six IAS 38.57 criteria, while research-phase costs must be expensed immediately. Failure to correctly distinguish research from development phases, or to apply impairment testing under IAS 36, results in materially misstated financial statements and potential regulatory action by securities authorities."
Technical ID
accounting-ias-38
Digital Asset Fair Value (IFRS 13)
"IFRS 13 Fair Value Measurement establishes a single framework for measuring fair value across all IFRS standards that require or permit fair value measurement, including digital assets, AI-tokenized instruments, and crypto holdings. Fair value is defined as the exit price in an orderly transaction between market participants at the measurement date. Entities must classify inputs into a three-level hierarchy (Level 1: quoted prices in active markets; Level 2: observable inputs; Level 3: unobservable inputs) and maximize use of observable inputs. Digital and AI-linked assets with limited trading history frequently fall into Level 3, requiring robust valuation models and extensive disclosures; inadequate classification or disclosure triggers audit qualifications and securities regulator scrutiny."
Technical ID
accounting-ifr-13
Engineers Ethics (ACEC)
"The American Council of Engineering Companies (ACEC) Code of Ethics establishes the binding professional obligations for licensed engineers and consulting firms. Engineers must hold paramount the safety, health, and welfare of the public above all client or employer interests. Core obligations include qualifications-based fee competition (Brooks Act compliance), professional seal authorization, conflict-of-interest disclosure, errors and omissions insurance, and continuing professional education. Violations expose firms to license revocation, civil liability, and federal debarment."
Technical ID
acec-ethics-eng
ADA (Employment Title I)
"The Americans with Disabilities Act Title I (42 U.S.C. §12101–12117), as amended by the ADA Amendments Act of 2008 (ADAAA), is the primary U.S. federal law prohibiting employment discrimination against qualified individuals with disabilities. Covered employers with 15 or more employees must provide reasonable accommodations unless doing so causes undue hardship. Title I restricts all medical inquiries to post-conditional-offer only, mandates initiation of the interactive process upon disclosure of a disabling limitation, and requires accessible employment technology at WCAG 2.1 AA minimum. The EEOC enforces Title I through administrative charges; violations expose employers to back pay, compensatory and punitive damages, and injunctive relief requiring policy and structural changes."
Technical ID
ada-employment-title-1
ADA (Hospitality Accessibility)
"ADA Title III (42 U.S.C. §12181–12189) requires all places of public accommodation — including hotels, motels, restaurants, bars, and food service establishments — to provide equal access to individuals with disabilities. New construction and alterations commenced after January 26, 1992 must fully comply with the 2010 ADA Standards for Accessible Design. Existing facilities must remove architectural barriers where readily achievable. Hotels must provide a regulated percentage of accessible guest rooms, van-accessible parking at prescribed ratios, accessible routes of 36-inch minimum clear width, pool lifts for pools exceeding 300 linear feet of pool wall, and visual communication features for guests with hearing impairments. DOJ enforces Title III through civil investigations and pattern-or-practice suits; private plaintiffs may sue for injunctive relief and attorney fees. Non-compliant operators face structural modification orders and potential damages in states with enhanced state accessibility laws."
Technical ID
ada-hospitality-access
Agent Budgetary Controls & Ceiling Checks
"Agentized financial controls (Action Boundaries) restrict an autonomous agent's spending power per session, task, or API call to prevent catastrophic loss or unbounded consumption. A properly implemented budget cap architecture requires: a durable spend counter initialized at agent boot, pre-call ceiling checks before every API invocation, fleet-level daily aggregation across all sessions, hard stops on breach with no retry path, mandatory human approval gates for high-value actions, full audit logging of every spend event, and MFA-gated emergency override procedures. Absent these controls, autonomous agents can exhaust allocated compute budgets, incur unexpected cloud costs, or trigger runaway API consumption within a single malformed task."
Technical ID
agent-budget-cap
Agent Emergency Stop (Kill-Switch) Design Patterns
"An AI Agent Kill-Switch is a deterministic safety mechanism designed to immediately terminate or throttle an autonomous agent's execution if it exceeds predefined behavioral, financial, or operational boundaries."
Technical ID
agent-kill-switch
Multi-Agent Collision Resolution
"Multi-agent collision logic provides deterministic protocols for resolving conflicts when two or more autonomous AI agents simultaneously attempt to access the same resource, modify the same shared state, execute contradictory actions, or pursue incompatible goal trajectories within a swarm or orchestration framework. Without collision resolution, multi-agent systems produce race conditions, data corruption, deadlocks, and cascading failures that are difficult to audit or remediate. The resolution framework draws from distributed systems theory — consensus algorithms, vector clocks, conflict-free replicated data types (CRDTs), and resource arbitration — as well as emerging agentic safety standards. Properly implemented collision logic ensures predictable, auditable outcomes and maintains system safety invariants even when individual agents operate concurrently and autonomously."
Technical ID
ai-agent-collision-logic
AI-IP: Guidance on Authorship
"The US Copyright Office's AI Policy Statement (February 2023) and subsequent guidance (March 2023) establish that copyright protection requires human authorship — purely AI-generated content without human creative control is not copyrightable in the United States. Works involving AI assistance may receive copyright protection for the human-authored elements, but only if a human author made sufficient creative choices that were expressed in the final output. The EU, UK, and other jurisdictions take varying positions, with the UK's Computer Generated Works doctrine providing limited protection for AI outputs. Misrepresenting AI-generated content as human-authored to obtain copyright registration constitutes fraud; failure to disclose AI involvement in patent applications may similarly invalidate those applications."
Technical ID
ai-ip-copyright
AICPA Code of Ethics
"The AICPA Code of Professional Conduct (ET §0.300) establishes binding ethical standards for Certified Public Accountants in public practice and business. The Code requires CPAs to maintain independence in all attest engagements — any direct or material indirect financial interest in an audit client creates an impairment with no de minimis exception. The Conceptual Framework (ET §1.010.010) mandates evaluation of five threat categories (self-interest, self-review, advocacy, familiarity, and intimidation) and application of safeguards before accepting or continuing any engagement. Key operational requirements include: 40 hours of continuing professional education annually, 7-year documentation retention under PCAOB Rule 4003, engagement quality review by a second partner for all public company audits, prohibition on management functions and bookkeeping for audit clients under SOX §201, and confidentiality breach notification within 24 hours. Violations expose CPAs to AICPA Ethics Division investigation, state board disciplinary action, license revocation, and SEC or PCAOB enforcement proceedings for registered firms."
Technical ID
aicpa-code-ethics
Responsible Alcohol Service
"Responsible alcohol service standards govern the legal and operational obligations of licensed on-premise alcohol retailers — bars, restaurants, hotels, event venues, and stadiums — to prevent service to minors and visibly intoxicated patrons. The National Minimum Drinking Age Act (23 U.S.C. §158) mandates a minimum legal drinking age of 21 in all U.S. states; service to minors exposes licensees to criminal liability, license revocation, and civil dram shop liability. State Dram Shop Acts impose third-party tort liability on servers who provide alcohol to visibly intoxicated persons who subsequently cause injury. Compliance requires: mandatory server certification through programs such as TIPS (Training for Intervention ProcedureS) or ServSafe Alcohol, documented ID verification procedures with a check-for-anyone-appearing-under-30 standard, written protocols for identifying signs of intoxication and executing patron cutoff, incident log maintenance, and manager override authorization for disputed service decisions. Licensees failing to enforce responsible service standards face ABC license suspension, criminal prosecution of servers, and civil judgments in dram shop actions that have exceeded $1 million in multiple U.S. jurisdictions."
Technical ID
alcohol-service-std
Amazon Ads (Policy)
"Compliance with this node ensures adherence to a comprehensive framework governing Amazon advertising, rooted in both platform policy and federal law. All advertising creative must meet stringent content requirements outlined in the Amazon Advertising Guidelines and Acceptance Policies, which mandate a minimum image longest side of 1000 pixels while strictly disallowing text on any main product image. Accompanying custom text fields are constrained to a maximum length of 50 characters. In alignment with guidance from FTC .com Disclosures, a sponsored disclosure is unequivocally required to maintain transparency with consumers. The node prohibits practices that could mislead consumers, reflecting the Lanham Act's general prohibition against false descriptions of fact in commerce. Consequently, deceptive pricing claims are disallowed, and any unsubstantiated claims are similarly forbidden, a rule further supported by the FTC Guides Concerning the Use of Endorsements and Testimonials regarding assertions like 'bestseller.' To protect platform integrity per the Amazon Seller Central Policy, off-platform redirection is not permitted, and a direct landing page ASIN match is mandated for all ad clicks. Intellectual property protections are enforced through mandatory brand registry verification as stipulated by the Amazon Brand Registry Terms of Use, a standard which also underpins the policy to prohibit competitor brand disparagement. Finally, all advertisements must utilize a supported marketplace language and avoid any restricted or prohibited product categories."
Technical ID
amazon-sponsored-ads-policy
Aerospace Quality Management System (AS9100 Rev D)
"The gold standard for quality management in the Aviation, Space, and Defense sectors, extending ISO 9001 with rigorous aerospace-specific safety and risk requirements."
Technical ID
as9100-rev-d
AS9100 Rev D (Aviation QMS)
"AS9100 Rev D is the international Quality Management System (QMS) standard for the Aviation, Space, and Defense (AS&D) industry. It incorporates the entire ISO 9001:2015 standard while adding specific requirements for product safety, counterfeit parts prevention, configuration management, and operational risk."
Technical ID
as9100-rev-d-qms
AS9110 (Maintenance QMS)
"AS9110 is the international Quality Management System standard specifically designed for aviation maintenance, repair, and overhaul (MRO) organizations. It builds upon AS9100 requirements by incorporating specific civil aviation regulations (EASA/FAA) and focusing on maintenance-specific factors like human performance and airworthiness."
Technical ID
as9110-maintenance-qms
AS9120 (Distributor QMS)
"AS9120 is the international Quality Management System standard for distributors and stockholders in the Aviation, Space, and Defense industry. It focuses on the chain of custody, traceability, and the control of records to ensure 'Certificate of Conformity' (CoC) and airworthiness documentation are maintained throughout the supply chain."
Technical ID
as9120-distributor-qms
CMMC 2.0 Level 2 Cybersecurity (Advanced)
"A mandatory US Department of Defense (DoD) certification for contractors handling Controlled Unclassified Information (CUI), based on the 110 practices of NIST SP 800-171."
Technical ID
cmmc-2-audit
DFARS 252.204-7012 (Cyber)
"DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) is the primary U.S. defense acquisition regulation for protecting CDI. It mandates the implementation of NIST SP 800-171 and requires rapid cyber incident reporting (within 72 hours) for all defense contractors handling sensitive military data."
Technical ID
dfars-7012-defense-cyber
RTCA DO-178C Software Considerations in Airborne Systems and Equipment Certification
"DO-178C provides guidance for determining that airborne system software has an acceptable level of safety and integrity. It requires applicants for certification to follow a rigorous set of process objectives for software planning, development, verification, and configuration management, with the level of effort directly corresponding to the Software Level (A-E) assigned based on failure condition severity as defined in Section 2.2."
Technical ID
do-178c-airborne-software-2011
EAR Dual-Use Export Control
"The Export Administration Regulations (EAR) govern the export of 'Dual-Use' items—commercial commodities, software, and technology that also have potential military or proliferation applications. It is centered around the Commerce Control List (CCL) and the Export Control Classification Number (ECCN) to determine license requirements."
Technical ID
ear-dual-use-export
EASA Artificial Intelligence Roadmap 2.0 — AI Application in Aviation Safety
"This strategic roadmap outlines the European Union Aviation Safety Agency's approach to integrating Artificial Intelligence (AI) into aviation, establishing a learning-based framework to ensure safety and trustworthiness. It introduces the AI Trustworthiness concept (Chapter 4) and a three-level AI assurance framework (Level 1A/1B, 2, 3) to guide the development of new certification standards for AI/ML applications."
Technical ID
easa-ai-roadmap-2023
EASA Part 145 (Maintenance)
"EASA Part 145 is the European standard for the approval of maintenance organizations in civil aviation. It specifies the requirements for the organization, personnel, facility, and procedures to ensure the airworthiness of aircraft and components through safe and standardized maintenance practices."
Technical ID
easa-part-145-maintenance
Title 14 CFR Part 107 — Small Unmanned Aircraft Systems (2021 Update)
"This regulation establishes the operational and certification rules for commercial use of small unmanned aircraft systems (sUAS) weighing less than 55 pounds within the U.S. National Airspace System. As outlined in Subparts B and C, it mandates remote pilot certification, sUAS registration, and adherence to strict operational limitations, including maintaining visual line-of-sight (VLOS) unless a waiver is granted."
Technical ID
faa-part-107-uas-2021
FAA Part 21 (Certification)
"FAA Part 21 (Certification Procedures for Products and Articles) is the primary U.S. regulation for the certification of aircraft, engines, propellers, and parts. it encompasses the entire life cycle from initial type certificate (TC) through production certificate (PC) and final airworthiness certificate issuance."
Technical ID
faa-part-21-certification
Remote Identification of Unmanned Aircraft
"This rule requires most unmanned aircraft (drones) operating in United States airspace to be equipped with Remote ID technology, which broadcasts identification and location information of the drone and its control station. As specified in 14 CFR Part 89, this applies to drone pilots, who must operate a compliant drone, and manufacturers, who must produce Standard Remote ID or broadcast module-equipped drones."
Technical ID
faa-remote-id-rule-2021
SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
"This standard specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive but unclassified information. It is applicable to all federal agencies that use cryptographic-based security systems and shall be used in designing and implementing cryptographic modules that federal departments and agencies operate or that are operated for them under contract. The standard provides four increasing, qualitative levels of security (Level 1, Level 2, Level 3, and Level 4) intended to cover a wide range of potential applications and environments. The core obligation is for federal agencies to use cryptographic modules that have been validated by the Cryptographic Module Validation Program (CMVP), a joint effort between the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security. The security requirements cover areas related to the secure design, implementation, and operation of a cryptographic module, including its specification, interfaces, roles, services, authentication, software/firmware security, operating environment, physical security, non-invasive security, sensitive security parameter management, self-tests, life-cycle assurance, and mitigation of other attacks. In the CMVP, vendors use independent, accredited Cryptographic and Security Testing (CST) laboratories to have their modules tested for conformance."
Technical ID
fips-140-3-cryptographic-modules
SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
"This Standard specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data, based on the KECCAK algorithm selected by NIST. The SHA-3 family consists of four cryptographic hash functions (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) and two extendable-output functions or XOFs (SHAKE128 and SHAKE256). These functions supplement the SHA-1 and SHA-2 families specified in FIPS 180-4, providing resilience against future advances in hash function analysis through fundamentally different design principles. This standard is applicable to all Federal departments and agencies for protecting sensitive unclassified information. The core obligation is that either this Standard or FIPS 180 must be implemented wherever a secure hash algorithm is required for Federal applications, including as a component within other cryptographic algorithms and protocols. Implementations may be in software, firmware, hardware, or any combination thereof, but only implementations validated by the Cryptographic Algorithm Validation Program (CAVP) will be considered compliant. This standard may also be adopted and used by non-Federal Government organizations."
Technical ID
fips-202-sha-3-standard
FIPS 203 (ML-KEM Quantum)
"FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism) is the final NIST standard for quantum-resistant key encapsulation. Based on the CRYSTALS-Kyber algorithm, it is designed to protect sensitive information from future decryption by large-scale quantum computers, providing the foundational layer for PQC secure communication."
Technical ID
fips-203-ml-kem-quantum
Module-Lattice-Based Key-Encapsulation Mechanism Standard
"This standard specifies a key-encapsulation mechanism (KEM) called ML-KEM, which is a set of algorithms that can be used by two parties to establish a shared secret key over a public channel. The security of ML-KEM is related to the computational difficulty of the Module Learning with Errors problem, and it is presently believed to be secure, even against adversaries who possess a quantum computer. The standard specifies three parameter sets, ML-KEM-512, ML-KEM-768, and ML-KEM-1024, which offer different trade-offs in security strength versus performance. All three are approved to protect sensitive, non-classified communication systems of the U.S. Federal Government. This standard applies to information systems used or operated by federal agencies or by a contractor of an agency on behalf of an agency, but not to national security systems. It shall be used wherever the establishment of a shared secret key is required for federal applications, including for use with symmetric-key cryptographic algorithms. The core obligation is for implementations to conform to the specified algorithms and employ other approved cryptographic functions. Conforming implementations may replace the given set of steps with any mathematically equivalent set of steps, but must not use the component public-key encryption scheme (K-PKE) as a stand-alone scheme."
Technical ID
fips-203-ml-kem-standard
Module-Lattice-Based Digital Signature Standard
"This standard specifies ML-DSA, a set of algorithms that can be used to generate and verify digital signatures. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. ML-DSA is a lattice-based digital signature algorithm believed to be secure, even against adversaries in possession of a large-scale quantum computer. The recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory, a property known as non-repudiation. This standard is applicable to all federal departments and agencies for the protection of sensitive unclassified information. The core obligation is that either this standard, FIPS 205, FIPS 186-5, or NIST Special Publication 800-208 shall be used in designing and implementing public-key-based signature systems that federal departments and agencies operate or that are operated for them under contract. The standard specifies the mathematical steps for key generation, signature generation, and signature verification. The adoption and use of this standard are also available to private and commercial organizations. Digital signature key pairs created under this standard shall not be used for other purposes."
Technical ID
fips-204-digital-signature-standard
FIPS 204 (ML-DSA Quantum)
"FIPS 204 (Module-Lattice-Based Digital Signature Algorithm) is the final NIST standard for quantum-resistant digital signatures. Based on the CRYSTALS-Dilithium algorithm, it is designed to ensure authenticity and non-repudiation in a post-quantum world, replacing or augmenting RSA and ECDSA signatures for core internet infrastructure."
Technical ID
fips-204-ml-dsa-quantum
Module-Lattice-Based Digital Signature Standard
"This standard specifies ML-DSA, a set of algorithms that can be used to generate and verify digital signatures which are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. ML-DSA is a lattice-based digital signature algorithm believed to be secure, even against adversaries in possession of a large-scale quantum computer, and provides for non-repudiation. The standard specifies the mathematical steps that need to be performed for key generation, signature generation, and signature verification. ML-DSA can be used in electronic mail, electronic funds transfer, software distribution, data storage, and other applications that require data integrity assurance and data origin authentication. This standard is applicable to all federal departments and agencies for the protection of sensitive unclassified information. The core obligation is that either this standard, FIPS 205, FIPS 186-5, or NIST Special Publication 800-208 shall be used in designing and implementing public-key-based signature systems that federal departments and agencies operate or that are operated for them under contract. Implementations must employ cryptographic algorithms approved for protecting Federal Government-sensitive information. The security of a digital signature system depends on maintaining the secrecy of the signatory’s private keys, and signatories shall guard against the disclosure of their private keys. The adoption and use of this standard are also available to private and commercial organizations."
Technical ID
fips-204-ml-dsa-standard
FIPS 205 (SLH-DSA Quantum)
"FIPS 205 (Stateless Hash-Based Digital Signature Algorithm) is a NIST-standardized quantum-resistant signature mechanism based on the SPHINCS+ construction. Unlike lattice-based schemes, it relies solely on the security of cryptographic hash functions, providing a robust backup against potential cryptanalytic breakthroughs in other PQC families."
Technical ID
fips-205-slh-dsa-quantum
ICAO Doc 9859 Safety Management Manual (SMM), 4th Edition
"ICAO Doc 9859 provides comprehensive guidance for States and aviation service providers on developing, implementing, and maintaining a Safety Management System (SMS) in compliance with ICAO Annex 19. The manual details the four core components and twelve elements of the SMS framework (Chapter 5), which are essential for the proactive management of safety risks."
Technical ID
icao-doc-9859-sms
ICAO Annex 19 (Safety Management)
"ICAO Annex 19 establishes the international standard for Safety Management Systems (SMS) and State Safety Programmes (SSP) in civil aviation. It focuses on the proactive management of safety risks through the collection, analysis, and exchange of safety data and safety information, ensuring absolute flight safety integrity."
Technical ID
icao-safety-annex-19
IETF Hybrid PQC Drafts
"IETF Hybrid PQC Drafts define the mechanisms for combining 'Classical' cryptography (e.g., X25519, Ed25519) with 'Post-Quantum' algorithms (e.g., ML-KEM, ML-DSA). This 'Defense-in-Depth' approach ensures security even if a quantum-resistant algorithm is found to be vulnerable or if the classical algorithm is broken by a quantum computer."
Technical ID
ietf-hybrid-pqc-drafts
Cloud Security for Defense (ISO 27017)
"ISO/IEC 27017:2015 is an international code of practice for information security controls applicable to cloud services, providing cloud-specific implementation guidance for 37 controls from ISO/IEC 27002 and introducing 7 new cloud-specific controls not found in the base standard. In defense contexts, ISO 27017 governs how defense organizations and their contractors securely use cloud services to process, store, and transmit sensitive defense information, extending CMMC and NIST 800-171 requirements to cloud service provider relationships. The standard addresses the unique security challenges of shared-responsibility cloud models including: asset ownership in the cloud, decommissioning and secure disposal of cloud assets, virtual machine hardening, administrator privilege management, and customer-side monitoring of cloud environments. Organizations using cloud infrastructure for defense AI workloads must apply ISO 27017 controls to demonstrate appropriate cloud security governance to defense customers and regulators."
Technical ID
iso-27017-cloud-defence
ITAR Compliance Workflow
"The International Traffic in Arms Regulations (ITAR) control the export and temporary import of defense articles and defense services on the United States Munitions List (USML). Compliance is mandatory for all U.S. manufacturers, exporters, and brokers of defense articles to prevent unauthorized access by foreign persons and ensure national security integrity."
Technical ID
itar-compliance-workflow
ITAR Export Control Logic
"Mandatory controls for the export, re-export, and brokering of defense articles, services, and technical data listed on the United States Munitions List (USML)."
Technical ID
itar-license-check
MIL-STD-882E Department of Defense Standard Practice — System Safety
"This standard mandates a systematic, risk-based approach for identifying, assessing, and mitigating hazards throughout the lifecycle of Department of Defense (DoD) systems. As outlined in Section 4, all DoD programs must establish and maintain a system safety program to manage risks associated with software, hardware, and their integration."
Technical ID
mil-std-882e-system-safety
UK Ministry of Defence (MoD) AI Safety Protocol
"A mandatory safety assurance framework for AI systems deployed in British Armed Forces, requiring a structured Safety Case and human-in-the-loop gating for lethal force."
Technical ID
mod-safe-ai
NATO Principles of Responsible Use of Artificial Intelligence in Defence
"NATO Allies must ensure that Artificial Intelligence applications in defence are developed and used in accordance with six core principles: Lawfulness, Responsibility and Accountability, Explainability and Traceability, Reliability, Governability, and Bias Mitigation. These principles, outlined in the NATO AI Strategy, guide the ethical and responsible integration of AI to maintain a technological edge while upholding NATO's values and international law."
Technical ID
nato-ai-principles-2021
NATO Cyber Defence Policy 2023 — Collective Defence in Cyberspace and Attribution Framework
"This policy establishes cyberspace as a military domain of operations and affirms that a significant malicious cyber activity could lead to the invocation of Article 5 of the North Atlantic Treaty. It requires NATO and its Allies to enhance cyber resilience, develop capabilities for collective defence, and establish a framework for the political attribution of cyber attacks."
Technical ID
nato-cyber-defence-policy-2023
CUI Protection (NIST 800-171)
"NIST Special Publication 800-171 Revision 3 (published May 2024) defines 17 control families containing 110 security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations — primarily defense contractors, research institutions, and suppliers processing federal contract information (FCI) and CUI under DFARS Clause 252.204-7012. Compliance with NIST 800-171 is mandatory for any organization holding a DoD contract that involves CUI, and the Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 assessment directly audits all 110 NIST 800-171 requirements through a Certified Third-Party Assessment Organization (C3PAO). The Supplier Performance Risk System (SPRS) score, derived from self-assessment against NIST 800-171, affects contract award decisions, and DoD contracting officers are required to review SPRS scores as part of the source selection process. Failure to implement required controls exposes contractors to contract termination, False Claims Act liability (up to three times damages plus civil penalties), and debarment from federal contracting. AI agents operating within defense contractor environments that process, store, or transmit CUI must comply with all applicable NIST 800-171 requirements, particularly access control, audit logging, system and communications protection, and configuration management families."
Technical ID
nist-800-171-cui
NIST SP 800-171 Rev 3 (CUI)
"NIST SP 800-171 Rev 3 provides the requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations. It is the foundational standard for defense contractors, and the latest 2024 revision incorporates significant updates to controls and security families to align with modern cyber threats."
Technical ID
nist-800-171-rev-3
Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process
"The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, as well as NIST Special Publications SP 800-56A and SP 800-56B. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. This report describes the evaluation and selection process of the third-round candidates based on public feedback and internal review, summarizing each of the 15 candidates. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS–KYBER. The digital signatures that will be standardized are CRYSTALS–Dilithium, FALCON, and SPHINCS+. While multiple signature algorithms were selected, NIST recommends CRYSTALS–Dilithium as the primary algorithm to be implemented. Additionally, four alternate key-establishment candidate algorithms—BIKE, Classic McEliece, HQC, and SIKE—will advance to a fourth round of evaluation and are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio."
Technical ID
nist-ir-8413-pqc-third-round
Transition to Post-Quantum Cryptography Standards
"This report describes NIST’s expected approach to transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature algorithms and key-establishment schemes. It identifies existing quantum-vulnerable cryptographic standards and the quantum-resistant standards to which information technology products and services will need to transition. This guidance is intended for a broad audience, including federal agencies, technology providers, standards organizations, and Cryptographic Module Validation Program (CMVP) laboratories, to inform their efforts and timelines for migrating information technology products, services, and infrastructure to Post-Quantum Cryptography (PQC). The core obligation is to transition cryptographic systems to quantum-resistant cryptography, with a primary target for completion across Federal systems by 2035, as established by National Security Memorandum 10 (NSM-10). There is a pressing threat, known as “harvest now, decrypt later,” where adversaries collect encrypted data now with the goal of decrypting it once quantum technology matures. This threat makes the transition urgent, particularly for sensitive data that retains its value for many years. The transition will involve the adoption of new PQC algorithms like those in FIPS 203, 204, and 205, as well as the careful deprecation, controlled legacy use, and eventual removal of quantum-vulnerable algorithms."
Technical ID
nist-ir-8547-pqc-transition
Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process
"The National Institute of Standards and Technology (NIST) is in the process of selecting public-key cryptographic algorithms through a public, competition-like process to protect sensitive information well into the foreseeable future, including after the advent of quantum computers. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4 and NIST Special Publications 800-56A and 800-56B. This report describes the evaluation and selection process of the third-round candidates based on public feedback and internal review. After three rounds of evaluation and analysis, NIST has selected the first algorithms it will standardize. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS–KYBER. The digital signatures that will be standardized are CRYSTALS–Dilithium, FALCON, and SPHINCS+. While multiple signature algorithms were selected, NIST recommends CRYSTALS–Dilithium as the primary algorithm to be implemented. Additionally, four alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. The report summarizes each of the 15 third-round candidates and provides the rationale for their selection for standardization, advancement to the fourth round, or removal from consideration."
Technical ID
nist-pqc-third-round-report
High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture
"This NIST Special Publication aims to standardize and facilitate the sharing of High-Performance Computing (HPC) security information and knowledge through the development of an HPC system reference architecture and key components, which are introduced as the basics of the HPC system lexicon. The reference architecture divides an HPC system into four function zones: a high-performance computing zone, a data storage zone, an access zone, and a management zone. This publication analyzes HPC threats, considers current HPC security postures and challenges, and makes best-practice recommendations. This guideline may be used by federal agencies and is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. It has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014. This publication may also be used by nongovernmental organizations on a voluntary basis. The core obligations focus on understanding the unique architecture of HPC systems, identifying threats specific to its functional zones, and implementing tailored security controls that balance performance with security, such as network segmentation, compute node sanitization, data integrity protection, and secure container management."
Technical ID
nist-sp-800-223-hpc-security
PQC Migration Workflow
"The PQC Migration Workflow (based on NSA CNSA 2.0 and NIST PQC timelines) provides the strategic five-step transition from 'Classical' cryptography to 'Post-Quantum' (PQC) standards. It focuses on mitigating the 'Store-Now-Decrypt-Later' (SNDL) risk for high-longevity data and ensuring quantum-secure authenticated software updates (ASU)."
Technical ID
pqc-migration-logic
Quantum Readiness Checklist
"The Quantum Readiness Checklist is based on OMB M-23-02, CISA's Quantum Strategy, and NIST PQC migration guidance. It provides an actionable framework for organizations to identify cryptographic assets vulnerable to quantum attacks (CRQC) and begin the transition to FIPS 203-205 standards to ensure long-term data confidentiality and integrity."
Technical ID
quantum-readiness-checklist
NISTIR 8105 Report on Post-Quantum Cryptography
"If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use, seriously compromising the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. Many of our most crucial communication protocols rely on public key encryption, digital signatures, and key exchange, primarily implemented using Diffie-Hellman, RSA, and elliptic curve cryptosystems. A sufficiently powerful quantum computer will put these forms of modern communication in peril. This report shares the National Institute of Standards and Technology (NIST)’s current understanding about the status of quantum computing and post-quantum cryptography, and outlines NIST’s initial plan to move forward. The report also recognizes the challenge of moving to new cryptographic infrastructures and therefore emphasizes the need for agencies to focus on crypto agility. It has taken almost 20 years to deploy our modern public key cryptography infrastructure, and it will take significant effort to ensure a smooth and secure migration to quantum-resistant counterparts. Therefore, regardless of the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems."
Technical ID
report-post-quantum-cryptography
UK National Security and Investment Act 2021 — Mandatory Notification and Screening for Sensitive Sectors
"The UK National Security and Investment Act 2021 requires mandatory notification to the UK Government's Investment Security Unit for certain acquisitions of entities active in 17 sensitive areas of the economy. As per Section 6, these 'notifiable acquisitions' must be approved before completion to avoid being legally void and incurring civil or criminal penalties."
Technical ID
uk-nsia-2021
UK Strategic Export Control
"The UK Strategic Export Control regime (Export Control Act 2002) is the primary regulation for the export of military and dual-use technology from the United Kingdom. It is managed by the Export Control Joint Unit (ECJU) and utilizes the Consolidated List to determine licensing requirements for international trade and defense cooperation."
Technical ID
uk-strategic-export-control
US Department of Defense AI Ethical Principles 2020 — Five Principles for Responsible AI in Defence
"This memorandum establishes five core ethical principles (Responsible, Equitable, Traceable, Reliable, and Governable) that must guide the design, development, deployment, and use of all Artificial Intelligence capabilities within the US Department of Defense, as mandated by the Secretary of Defense."
Technical ID
us-dod-ai-ethical-principles-2020
DoD Instruction 8510.01 — Risk Management Framework (RMF) for DoD Information Technology (IT)
"This instruction establishes the DoD Risk Management Framework (RMF), mandating a six-step lifecycle process for all DoD information systems to manage cybersecurity risk and achieve an Authorization to Operate (ATO). It applies to all DoD-owned or controlled IT that receive, process, store, display, or transmit DoD information, as detailed in Enclosure 2."
Technical ID
us-dod-rmf-8510-01
US Export Administration Regulations (EAR) — Dual-Use Technology Controls, Entity List and AI/Semiconductor Restrictions
"The Export Administration Regulations (EAR), administered by the Bureau of Industry and Security (BIS), control the export and reexport of most commercial and dual-use items, software, and technology. Organizations must determine if their items are subject to the EAR (Part 734), classify them against the Commerce Control List (CCL) to identify an Export Control Classification Number (ECCN), and screen all transaction parties against restricted lists like the Entity List (Part 744)."
Technical ID
us-export-administration-regulations
Technical Registry Export
Context: Aviation, Defense & Quantum / Total Filtered: 45 Nodes
This utility allows developers and AI architects to instantly extract technical identifiers for the current filtered view. Use these IDs to programmatically call the Bidda Sovereign Forest API. All exports respect the global Triple-Verification Pipeline.