What gates a program from fielding AI at the tactical edge?
Two gates stand between a working model and a fielded one: the authorization to operate (ATO) an authorizing official issues before a system can run on a given network, and the contract that puts the system in the field. Capability is necessary, but it is not where programs lose time.
A custom build reaches those gates by inventing its own security architecture from scratch. It spends months on identity, permissions, integrations, and auditability before the first workflow runs, and every new environment can become a separate authorization or reciprocity effort. An integrator-led program runs on a single award to the integrator, who subcontracts the hardware, software, and sustainment. Delivery moves at the integrator's pace, and changes route back through the integrator to subcontracted component providers, which adds time. Centurion by Legion Intelligence is the worked example of the other path: a pre-integrated, hardened system with a documented security posture and a known bill of materials, built so the accreditation effort starts from documented ground. Legion calls this a faster path to ATO for that reason, not because the authorization is inherited or skipped. Whether it keeps working when the network drops is a separate question: for that operational problem, see how AI operates in DDIL environments.
What do IL2 through IL6, FedRAMP High, and HBOM/SBOM actually buy a program?
Existing ATOs, an HBOM, and an SBOM give an authorizing official documented evidence to assess, which can shorten a review rather than restart it.
The Impact Levels (IL2 through IL6) categorize information and environments by sensitivity and impact; IL6 covers classified information up to SECRET, the posture required for a classified tactical network rather than an unclassified one. FedRAMP High is a separate authorization that applies only to cloud, setting the federal baseline for high-impact unclassified workloads. The two govern different environments: the Impact Levels apply to DoD networks by classification, while FedRAMP High applies to cloud platforms. They are not two halves of one deployment's coverage.
Beyond the Impact Levels and FedRAMP, three more credentials cut what the authorizing official builds from scratch. NIST 800-53 is the federal control catalog a security review grades a system against, so aligning to it gives the review a shared baseline vocabulary rather than a custom one. SOC 2 Type II adds independent evidence that those controls held over time, and a documented HBOM and SBOM make the supply chain visible and reviewable, so the review starts from a known, bounded system the authorizing official does not characterize from scratch. Air-gapped capability changes the questions further: with no external connectivity, the reach-back and external-connectivity assumptions a cloud-dependent system carries fall away.
This is what accreditation-ready means: the documentation does not bypass the authorization process; it gives the authorizing official a smaller, better-evidenced surface to assess instead of an unvetted asset stack. Centurion is also ready to manage ITAR data, which matters wherever a deployment touches export-controlled defense technical data. Full credential detail sits on the Legion security page.
Why does a single-contract, known-BOM system shorten the path to an authority to operate (ATO)?
A single-contract, known-BOM system shortens the path to an ATO by giving the authorizing process one bounded, documented system to assess instead of several separately procured layers to reconcile, and it collapses the procurement effort into a single award.
Centurion is procured as a single purchase: hardware, software, models, and support in one line item. When those layers are procured separately, each carries its own timeline and security validation, and the authorizing official is left to reconcile layers no single party documented end to end. In an integrated system, the integration-level controls (how software, models, and compute interact) arrive documented and hardened inside the system boundary. They are not written and validated net-new during the program's own assessment, so the surface stays bounded and the supply chain stays documented. Fixed pricing and a clear total cost of ownership remove the forecasting problem usage-metered models carry. For customers with existing accredited edge hardware, Centurion can also be acquired as a software system that lives on their devices.
The four paths differ most on the variables that shape procurement and accreditation effort:
Model currency is part of the same procurement question. The Department of War’s AI-first direction expects fielded systems to run current approved models rather than freezing them at deployment. The accreditation question is whether those updates reach the edge through a validated, documented pathway, including controlled updates to disconnected nodes with validation and rollback, that an authorizing official can review.
What does accreditation-ready look like in the field?
Accreditation-ready in the field does not mean authorized in a day. It means a system can be installed into the target environment with documented components, known dependencies, and controls the authorizing process can assess. Centurion's deployments provide the accreditation evidence needed to bootstrap that process.
At Scarlet Dragon 26-01, the XVIII Airborne Corps G2 field-evaluated Centurion L on the Corps' tactical SIPR network at IL6, and the system installed to operational capability in one day, fully disconnected, with no cloud reach-back. The environment was a classified IL6 network. The install reached operational capability in one day. That one day measures the install only; the authorization timeline is separate and set by the authorizing official.
At USSOCOM TE 26-02, Centurion ran on government-provided planning data in a disconnected environment, with automatic local model failover when connectivity dropped.
All of this runs on the same Legion platform that was proven by 20,000+ users across U.S. Special Operations Command.
How do data sovereignty and human authority hold up under accreditation?
Data sovereignty and human authority hold up under accreditation because Legion implements both in ways a review can verify. Data sovereignty is enforced as a data-flow boundary. Human authority is preserved through governed approval points whose actions are attributed and logged, so the review sees them in the audit record rather than as a separate security control. Centurion runs the same governed agent workflows, attribution, and human-authority model as Legion's cloud and on-prem deployments, so what a review covers is what operates in the field.
Customer data stays in the customer's environment and is never used to train external models, which removes the data-egress and external training questions a hosted tool has to answer. Every action is attributed, including agent actions, and audit logging is native to the platform, so a review can see what was done and on whose behalf. Role-based access governs who can do what, and human authority is preserved through policy-defined approval points, each one attributed and logged. For an accreditation package, that governance produces the control evidence a review depends on. The package draws on the role-based access model, attribution logs, the data-flow boundary, NIST 800-53 alignment, a validated model-update pathway, and the HBOM and SBOM.
When is the single-system model not the right fit?
The single-system model is not the right fit when a program already holds a covering authorization inside a stable accreditation boundary. A hosted tool inside that boundary may be sufficient, and a deployable system would add more than the situation requires. If the requirement is one analyst's productivity rather than an organizational capability, a commercial on-device assistant is the cheaper, faster call.
The deciding variable is the accreditation boundary. A program inside a stable, already-authorized boundary has different needs than one standing up AI inside a new or edge boundary, where a pre-hardened, documented system shortens the authorization effort.
Map it against your authorizing process
For a program standing up AI inside a new boundary or tactical edge environment, the next step is to request a Centurion field evaluation. An evaluation maps the system boundary, bill of materials, control evidence, and install path against your own environment and authorizing process.


