BALTIMORE — Agencies will soon get their first set of marching orders from President Donald Trump’s executive order on artificial intelligence from earlier this week.
The Cybersecurity and Infrastructure Security Agency is expected to issue at least one binding operational directive as soon as Friday to direct agencies to secure large language models.
“We’re going to be rolling out before the end of the week some specific artificial intelligence platform access for our federal governmentwide partners. We’re going to be rolling out binding operational directives that are going to focus on vulnerability remediation and vulnerability management way forward for our extended enterprise,” Nick Andersen, the acting director of CISA, said during a speech Wednesday at the TechNet Cyber conference, sponsored by AFCEA. “We’ve got folks that are right here working as part of the cyber committee that are here from CISA, that are helping to modernize the approach that we’re managing overall federal security risk, and how we’re looking at our risk profile associated with system authorizations. All of these different elements fit together again into that, how do we integrate our government and how do we integrate our industry approaches in order to be able to deliver a more resilient enterprise?”
Andersen declined to offer any further details about the impending BOD(s).
But the EO, which was signed Tuesday and puts CISA on the clock for several initiatives, detailed some high-level goals of the new directive.
The EO says, within 30 days, CISA is to issue one or more BODs or other guidance to do several things, including expedite and prioritize the cyber defense of civilian federal systems.
CISA also will establish or expand federal programs and cybersecurity services that enhance AI-enabled defensive tools.
And finally, the EO says CISA will facilitate access to cybersecurity tools and services including, where appropriate, covered frontier models for agencies, state and local authorities and operators of critical infrastructure such as rural hospitals, community banks and local utilities.
BOD is a marker
Yejin Jang, the vice president of government affairs at Abnormal AI, said in an emailed statement that the BODs are a marker for federal cybersecurity.
“The defense of our nation’s vital functions will be carried out at the speed and scale only modern, AI-native capabilities can deliver. We read this not in isolation, but as the natural next step in a coherent modernization agenda that follows OMB’s recent logging overhaul, which traded compliance-era requirements for an adaptive, risk-based framework,” Jang wrote. “The throughline is clear: the federal enterprise is moving away from collecting vast reservoirs of raw data to be stitched together later, and toward systems that surface the answer itself.”
Jang added that as AI tools become more advanced, they can give cyber defenders better data about protecting their technology environments.
Gary Barlet, the public sector chief technology officer at Illumio and a former chief information officer at the Postal Service’s inspector general office, said in a statement that the EO reflects a growing reality across the public and private sectors.
“As AI accelerates both cyber defense and cyberattacks, organizations have less time to respond and must assume some threats will get through. The real challenge isn’t detection, it’s containment,” he said in a statement. “For federal agencies and critical infrastructure operators, the priority should be ensuring a single compromise doesn’t turn into missionwide disruption. That means limiting lateral movement, containing breaches quickly, and protecting critical systems even after attackers gain an initial foothold.”
Along with the BOD(s), Andersen said the new governmentwide platform will help civilian agencies access secure AI capabilities.
“One of the initial focus areas for us is going to be on how do we provide the rights for a platform for these types of AI capabilities to make them broadly available for federal civilian executive branch, especially, so we can take advantage of the defensive capability it’s going to give us access to, and the ability to manage that vulnerability environment that we see,” he said in an interview after his speech. “I think it’s still in flight right now, as we continue to define that. The biggest focus for us right now is going to be, how do we take that information about the attack surface and how do we take that information about vulnerability management and put that in the hands of folks can actually remediate that and start to buy down some of that risk on the federal civilian executive branch side, especially for our mission? Then, how do we continue to build those partnerships as we continue to see this expanding and evolve, because we’ve been having the conversation primarily about a single vendor in the space and a single AI capability within the space.”
CISA extra busy this summer
Andersen said the platform, which still needs to be defined more specifically, will help create a repeatable process to help agencies address AI security.
CISA has plenty to do over the next few months with the EO and the new logging memo from the Office of Management and Budget where it has to develop a new or updated architecture for agencies to follow.
The EO specifically calls out CISA to help lead five different initiatives.
The order directs several agencies, including CISA, the National Institute of Standards and Technology and the National Security Agency, to establish a voluntary system for the government to evaluate advanced frontier AI models for cybersecurity risks before they’re released publicly. This framework needs to be in place in 60 days.
Under the framework, AI developers will provide the federal government with access to leading edge frontier models 30 days before they release the models to any other organizations.
The EO also directs the Treasury Department, working with the NSA, CISA and other agencies, to form an “AI cybersecurity clearinghouse.” The group will work with the AI industry and critical infrastructure operators to coordinate on new software vulnerabilities, as well as prioritize patching and remediation of those vulnerabilities.
Given how much work CISA has on its plate, DHS Secretary Markwayne Mullin recognized at the House Homeland Security Committee hearing Wednesday that the agency needs more people. Mullin said the agency needs to hire hundreds of additional staff to get to the 2,800 employees he believes is necessary to carry out its mission. CISA’s staff has gone from roughly 3,400 people to 2,200 under the Trump administration.
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
