--- title: "Executive Order AI Action Plan" id: "2685" type: "page" slug: "executive-order-federal-ai-directive-fedramp" published_at: "2026-06-10T22:37:35+00:00" modified_at: "2026-06-12T01:46:23+00:00" url: "https://jetstream.security/executive-order-federal-ai-directive-fedramp/" markdown_url: "https://jetstream.security/executive-order-federal-ai-directive-fedramp.md" --- #### The AI directive on June 2 started the clock. Here is your action plan. ***Former Department of Homeland Security cybersecurity leader, Paul Loeffler, explains why you need to govern your AI now, not after the fact. We will build the plan with you.*** **Why this matters now** The directive puts CISA in the lead for defending civilian federal systems while agencies move fast on AI. Upgrading for AI without governance widens your attack surface instead of shrinking it. That is the gap we close. ### The 90-day action plan Five steps to put your AI under governance in 90 days, whatever your seat. Wherever you are in the window, we will tailor the plan with you. #### Phase 0. Discover and inventory every AI actor **Action:** Build a live inventory of every AI agent, model, tool, and the identities behind them. **Why:** You cannot report or defend what you cannot see. (EO Section 2) **For your lane:** Federal reports to CISA. SLED answers grant reviewers. Contractors show their agency customer. #### Step 1. Document approved designs before deployment **Action:** Define how each agentic workflow should run before it goes live. **Why:** Agentic systems are systems, not prompts. Approve them in advance, not after an incident. **For your lane:** Every authority signs the same artifact, an approved design. #### Step 2. Bind every agent to an accountable identity **Action:** Give each agent least-privilege, revocable authority tied to a named owner. **Why:** What you cannot attribute, you cannot trust or shut off. (EO Section 4) **For your lane:** Least privilege and instant revocation, in any environment. #### Step 3. Watch runtime for drift **Action:** Compare live agent behavior against the approved design, continuously. **Why:** AI changes without a code deploy. Catch drift the moment it happens. **For your lane:** Detection reads against whatever baseline your lane requires. #### Step 4. Make it reportable, and ready for the directive **Action:** Produce the audit-ready record that proves your AI is governed. **Why:** The directive points to the AI agent as a reportable asset. FedRAMP High is the trust baseline (expected June 2026). **For your lane:** CDM and OMB for federal, GovRAMP and SLCGP for SLED, a FedRAMP service offering for contractors. ## Book a Consultation [Adopt AI with Confidence](https://jetstream.security/executive-order-federal-ai-directive-fedramp/) #### Explore more insights [See all Insights](/insights) [https://jetstream.security/insights-old/make-the-ai-agent-a-reportable-asset/](https://jetstream.security/insights-old/make-the-ai-agent-a-reportable-asset/) Blog Jun 4, 2026 ###### Make the AI Agent a Reportable Asset The June 2, 2026 executive order makes CISA the lead for defending civilian federal systems as agencies adopt advanced AI. Section 2 tells agencies to upgrade f… [https://jetstream.security/insights-old/make-the-ai-agent-a-reportable-asset/](https://jetstream.security/insights-old/make-the-ai-agent-a-reportable-asset/) [https://jetstream.security/insights-old/frontier-ai-threat-management-ny-dfs/](https://jetstream.security/insights-old/frontier-ai-threat-management-ny-dfs/) AI Advisory Jun 3, 2026 ###### NY Department of Financial Services Issues Guidance on Preparation for Heightened Cybersecurity Threats NY DFS is telling regulated financial firms to prepare now for cyber threats accelerated by frontier AI. Readiness, not new rules, is the ask. Ahead of any fede… [https://jetstream.security/insights-old/frontier-ai-threat-management-ny-dfs/](https://jetstream.security/insights-old/frontier-ai-threat-management-ny-dfs/) [https://jetstream.security/insights-old/citizen-developer-employees-risk/](https://jetstream.security/insights-old/citizen-developer-employees-risk/) AI Advisory Jun 3, 2026 ###### The Rise of the Citizen Developer: Why Your Employees Are Already Building Without You Your citizen developers are building AI tools faster than approval can keep up. The answer is visibility, not another policy. There is a quiet revolution happen… [https://jetstream.security/insights-old/citizen-developer-employees-risk/](https://jetstream.security/insights-old/citizen-developer-employees-risk/)