diff --git a/pw_bluetooth_sapphire/host/gap/BUILD.bazel b/pw_bluetooth_sapphire/host/gap/BUILD.bazel
index cc1bbc06ea..55d83a4f6e 100644
--- a/pw_bluetooth_sapphire/host/gap/BUILD.bazel
+++ b/pw_bluetooth_sapphire/host/gap/BUILD.bazel
@@ -79,7 +79,7 @@ cc_library(
         "//pw_bluetooth_sapphire/host/l2cap",
         "//pw_bluetooth_sapphire/host/sco",
         "//pw_bluetooth_sapphire/host/sdp",
-        "//pw_bluetooth_sapphire/host/sm",
+        "//pw_bluetooth_sapphire/host/sm:definitions",
         "@pigweed//pw_async:heap_dispatcher",
         "@pigweed//pw_bluetooth",
         "@pigweed//third_party/fuchsia:fit",
@@ -136,6 +136,7 @@ fuchsia_cc_test(
         "//pw_bluetooth_sapphire/host/gatt:testing",
         "//pw_bluetooth_sapphire/host/hci:testing",
         "//pw_bluetooth_sapphire/host/l2cap:testing",
+        "//pw_bluetooth_sapphire/host/sm",
         "//pw_bluetooth_sapphire/host/sm:testing",
         "//pw_bluetooth_sapphire/host/testing",
         "//pw_bluetooth_sapphire/host/testing:gtest_main",
diff --git a/pw_bluetooth_sapphire/host/gap/BUILD.gn b/pw_bluetooth_sapphire/host/gap/BUILD.gn
index 84e42a04dc..af9007cbfe 100644
--- a/pw_bluetooth_sapphire/host/gap/BUILD.gn
+++ b/pw_bluetooth_sapphire/host/gap/BUILD.gn
@@ -87,6 +87,8 @@ pw_source_set("gap") {
     "types.cc",
   ]
 
+  deps = [ "$dir_pw_bluetooth_sapphire/host/sm" ]
+
   public_deps = [
     ":definitions",
     "$dir_pw_async:heap_dispatcher",
@@ -98,7 +100,7 @@ pw_source_set("gap") {
     "$dir_pw_bluetooth_sapphire/host/l2cap",
     "$dir_pw_bluetooth_sapphire/host/sco",
     "$dir_pw_bluetooth_sapphire/host/sdp",
-    "$dir_pw_bluetooth_sapphire/host/sm",
+    "$dir_pw_bluetooth_sapphire/host/sm:definitions",
     "$dir_pw_third_party/fuchsia:fit",
   ]
 
@@ -154,6 +156,7 @@ pw_test("gap_tests") {
     "$dir_pw_bluetooth_sapphire/host/gatt:testing",
     "$dir_pw_bluetooth_sapphire/host/hci:testing",
     "$dir_pw_bluetooth_sapphire/host/l2cap:testing",
+    "$dir_pw_bluetooth_sapphire/host/sm",
     "$dir_pw_bluetooth_sapphire/host/sm:testing",
     "$dir_pw_bluetooth_sapphire/host/testing",
   ]
diff --git a/pw_bluetooth_sapphire/host/gap/adapter.cc b/pw_bluetooth_sapphire/host/gap/adapter.cc
index 9647ff4e75..38eed93184 100644
--- a/pw_bluetooth_sapphire/host/gap/adapter.cc
+++ b/pw_bluetooth_sapphire/host/gap/adapter.cc
@@ -43,6 +43,7 @@
 #include "pw_bluetooth_sapphire/internal/host/hci/low_energy_connector.h"
 #include "pw_bluetooth_sapphire/internal/host/hci/sequential_command_runner.h"
 #include "pw_bluetooth_sapphire/internal/host/l2cap/channel_manager.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/security_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/transport/emboss_control_packets.h"
 #include "pw_bluetooth_sapphire/internal/host/transport/transport.h"
 
diff --git a/pw_bluetooth_sapphire/host/gap/low_energy_connection.cc b/pw_bluetooth_sapphire/host/gap/low_energy_connection.cc
index 489b6fe508..66619c5171 100644
--- a/pw_bluetooth_sapphire/host/gap/low_energy_connection.cc
+++ b/pw_bluetooth_sapphire/host/gap/low_energy_connection.cc
@@ -15,6 +15,7 @@
 #include "pw_bluetooth_sapphire/internal/host/gap/low_energy_connection.h"
 
 #include "pw_bluetooth_sapphire/internal/host/gap/low_energy_connection_manager.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/security_manager.h"
 
 namespace bt::gap::internal {
 
@@ -271,6 +272,21 @@ void LowEnergyConnection::UpgradeSecurity(sm::SecurityLevel level,
   OnSecurityRequest(level, std::move(cb));
 }
 
+void LowEnergyConnection::set_security_mode(LESecurityMode mode) {
+  BT_ASSERT(sm_);
+  sm_->set_security_mode(mode);
+}
+
+sm::BondableMode LowEnergyConnection::bondable_mode() const {
+  BT_ASSERT(sm_);
+  return sm_->bondable_mode();
+}
+
+sm::SecurityProperties LowEnergyConnection::security() const {
+  BT_ASSERT(sm_);
+  return sm_->security();
+}
+
 // Cancels any on-going pairing procedures and sets up SMP to use the provided
 // new I/O capabilities for future pairing procedures.
 void LowEnergyConnection::ResetSecurityManager(sm::IOCapability ioc) {
diff --git a/pw_bluetooth_sapphire/host/gap/low_energy_connection_manager.cc b/pw_bluetooth_sapphire/host/gap/low_energy_connection_manager.cc
index 2fb3bb0cd7..20efd55a02 100644
--- a/pw_bluetooth_sapphire/host/gap/low_energy_connection_manager.cc
+++ b/pw_bluetooth_sapphire/host/gap/low_energy_connection_manager.cc
@@ -34,7 +34,6 @@
 #include "pw_bluetooth_sapphire/internal/host/hci/local_address_delegate.h"
 #include "pw_bluetooth_sapphire/internal/host/l2cap/channel_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/error.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/security_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/smp.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/util.h"
diff --git a/pw_bluetooth_sapphire/host/sm/security_manager.cc b/pw_bluetooth_sapphire/host/sm/security_manager.cc
index a152e38a09..061d8c2b40 100644
--- a/pw_bluetooth_sapphire/host/sm/security_manager.cc
+++ b/pw_bluetooth_sapphire/host/sm/security_manager.cc
@@ -33,7 +33,11 @@
 #include "pw_bluetooth_sapphire/internal/host/hci/low_energy_connection.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/error.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/packet.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/pairing_phase.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/phase_1.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/phase_2_legacy.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/phase_2_secure_connections.h"
+#include "pw_bluetooth_sapphire/internal/host/sm/phase_3.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/security_request_phase.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/smp.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
diff --git a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection.h b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection.h
index 7307bb7845..7c44dbe3b4 100644
--- a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection.h
+++ b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection.h
@@ -25,10 +25,13 @@
 #include "pw_bluetooth_sapphire/internal/host/iso/iso_stream_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/l2cap/channel_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/delegate.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/security_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
 #include "pw_bluetooth_sapphire/internal/host/transport/command_channel.h"
 
+namespace bt::sm {
+class SecurityManager;
+}
+
 namespace bt::gap {
 
 namespace internal {
@@ -113,10 +116,7 @@ class LowEnergyConnection final : public sm::Delegate {
   // Attach connection as child node of |parent| with specified |name|.
   void AttachInspect(inspect::Node& parent, std::string name);
 
-  void set_security_mode(LESecurityMode mode) {
-    BT_ASSERT(sm_);
-    sm_->set_security_mode(mode);
-  }
+  void set_security_mode(LESecurityMode mode);
 
   // Sets a callback that will be called when the peer disconnects.
   void set_peer_disconnect_callback(PeerDisconnectCallback cb) {
@@ -143,15 +143,9 @@ class LowEnergyConnection final : public sm::Delegate {
   PeerId peer_id() const { return peer_->identifier(); }
   hci_spec::ConnectionHandle handle() const { return link_->handle(); }
   hci::LowEnergyConnection* link() const { return link_.get(); }
-  sm::BondableMode bondable_mode() const {
-    BT_ASSERT(sm_);
-    return sm_->bondable_mode();
-  }
+  sm::BondableMode bondable_mode() const;
 
-  sm::SecurityProperties security() const {
-    BT_ASSERT(sm_);
-    return sm_->security();
-  }
+  sm::SecurityProperties security() const;
 
   pw::bluetooth::emboss::ConnectionRole role() const { return link()->role(); }
 
diff --git a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection_manager.h b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection_manager.h
index bf37b541ed..4e7add700e 100644
--- a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection_manager.h
+++ b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/low_energy_connection_manager.h
@@ -44,6 +44,17 @@
 
 namespace bt {
 
+namespace sm {
+using SecurityManagerFactory = std::function<std::unique_ptr<SecurityManager>(
+    hci::LowEnergyConnection::WeakPtr,
+    l2cap::Channel::WeakPtr,
+    IOCapability,
+    Delegate::WeakPtr,
+    BondableMode,
+    gap::LESecurityMode,
+    pw::async::Dispatcher&)>;
+}  // namespace sm
+
 namespace hci {
 class LocalAddressDelegate;
 }  // namespace hci
diff --git a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/peer.h b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/peer.h
index b3a22b3e94..a39cbfe862 100644
--- a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/peer.h
+++ b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/gap/peer.h
@@ -28,9 +28,9 @@
 #include "pw_bluetooth_sapphire/internal/host/gap/peer_metrics.h"
 #include "pw_bluetooth_sapphire/internal/host/gatt/persisted_data.h"
 #include "pw_bluetooth_sapphire/internal/host/hci-spec/constants.h"
+#include "pw_bluetooth_sapphire/internal/host/hci-spec/le_connection_parameters.h"
 #include "pw_bluetooth_sapphire/internal/host/hci-spec/lmp_feature_set.h"
 #include "pw_bluetooth_sapphire/internal/host/hci/connection.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/security_manager.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
 
 #pragma clang diagnostic ignored "-Wshadow"
diff --git a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h
index 36b9a06aca..b6623c267e 100644
--- a/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h
+++ b/pw_bluetooth_sapphire/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h
@@ -14,24 +14,12 @@
 
 #pragma once
 #include <memory>
-#include <queue>
-#include <variant>
 
-#include "pw_bluetooth_sapphire/internal/host/common/assert.h"
-#include "pw_bluetooth_sapphire/internal/host/common/device_address.h"
-#include "pw_bluetooth_sapphire/internal/host/common/uint128.h"
 #include "pw_bluetooth_sapphire/internal/host/gap/gap.h"
-#include "pw_bluetooth_sapphire/internal/host/hci-spec/link_key.h"
 #include "pw_bluetooth_sapphire/internal/host/hci/low_energy_connection.h"
 #include "pw_bluetooth_sapphire/internal/host/l2cap/channel.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/delegate.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/error.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/pairing_phase.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/phase_1.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/phase_2_legacy.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/phase_2_secure_connections.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/phase_3.h"
-#include "pw_bluetooth_sapphire/internal/host/sm/security_request_phase.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/smp.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
 #include "pw_bluetooth_sapphire/internal/host/sm/util.h"