ALEETH Federal delivers the ICA Institutional Control Architecture to defense, intelligence, and federal missions — the layer that proves an AI-influenced decision was authorized, supervised, and defensible, on demand and after the fact.
Mission AI does not get the benefit of the doubt. Every AI-influenced decision inside a defense, intelligence, or federal system already sits inside a named accreditation, supply-chain, or export-control obligation — CMMC, NIST 800-171, an ATO under RMF, DoDD 3000.09's autonomous-weapons review, ITAR.
The expectation is not future tense. It is the current duty to show, on demand, that an autonomous or AI-assisted action was authorized, within bounds, and reviewable — not asserted in a policy binder, proven in a signed record.
ICA operates in three movements — the same standard whether the decision is a contract review or a weapons-adjacent action.
ICA sits beneath the AI system, not beside it — it sees the decision at the point it happens, not in a log shipped after the fact.
Policy is enforced in real time: allow, gate, halt, or quarantine. The control has the authority to stop a consequential action before it completes — not just record that it happened.
Every governed action is sealed into a signed, hash-chained record — independently verifiable, and unalterable by the institution or by ALEETH.
Six domains, each tied to a live accreditation, supply-chain, or export-control obligation.
| Domain | Authority | What ICA proves |
|---|---|---|
CMMC | DoD | Cybersecurity Maturity Model Certification compliance evidence across the AI-touched environment, not a point-in-time assessment. |
NIST 800-171 / 800-172 | Controlled Unclassified Information | Continuous control evidence over CUI-adjacent AI workflows, mapped to the required control families. |
ATO / RMF Accreditation | Risk Management Framework | A signed control surface an Authorizing Official can examine directly — accreditation evidence that doesn't go stale between assessments. |
Responsible AI | DoDD 3000.09 | Human-judgment and appropriate-levels-of-human-control evidence for autonomous and semi-autonomous systems. |
Supply-Chain Integrity | SBOM | Provenance over the AI supply chain — what model, what version, what data, under whose authorization. |
Export Control | ITAR / EAR | A data boundary and access trail proving controlled technical data did not cross an unauthorized AI surface. |
Thirty minutes. We show the architecture. The last five, you verify our records yourself.