
AI Automation for Government: FedRAMP, FISMA, and Air-Gapped Deployment

How government agencies can deploy AI automation while meeting FedRAMP, FISMA, and NIST 800-53 requirements — with air-gapped deployment, RBAC, compliance timelines, and SOC 2 evidence export.

JieGou Team · 9 min read

Government agencies are under pressure to adopt AI. Executive Order 14110 on Safe, Secure, and Trustworthy AI directs federal agencies to accelerate AI adoption for mission delivery. OMB memoranda M-24-10 and M-24-18 require agencies to designate Chief AI Officers, inventory AI use cases, and implement AI governance frameworks. The mandate is clear: modernize with AI or fall behind.

But government has constraints that most AI platforms ignore entirely.

Classified environments operate on air-gapped networks with no internet access. FedRAMP requires that cloud services meet 325+ security controls before agencies can use them. FISMA mandates continuous monitoring and annual security assessments. NIST 800-53 Rev. 5 defines the control baseline that underpins all of it. CMMC adds another layer for defense contractors handling Controlled Unclassified Information.

Most AI automation platforms are cloud-only SaaS. They assume your data can reach their servers and your LLM calls can traverse the public internet. For a significant portion of government work, none of those assumptions hold.

JieGou is built for this reality. Three deployment models, bring-your-own-model support, and compliance infrastructure designed to map directly to federal security frameworks.

Air-gapped deployment: AI without internet

Government agencies operate across a spectrum of classification levels, each with different network constraints. JieGou supports all three with distinct deployment models.

SaaS for unclassified work. Agencies working with publicly releasable data can use JieGou’s managed cloud platform. Standard web console, managed infrastructure, automatic updates.

VPC execution agents for sensitive workloads. For Controlled Unclassified Information (CUI) and sensitive-but-unclassified data, JieGou’s hybrid model separates the control plane from execution. The web console and workflow orchestration run in JieGou’s cloud. Execution agents run inside your agency’s VPC or GovCloud environment. When a workflow step executes, the agent processes it locally using your infrastructure and your API keys. The control plane receives execution metadata — duration, token count, success or failure — but never sees the raw data.

Fully air-gapped Docker deployment for classified environments. For Secret, Top Secret, and SCI environments, JieGou deploys as a self-contained Docker Compose stack or Kubernetes deployment with zero external dependencies. The self-hosted starter kit includes everything: the web console, workflow engine, scheduling, RBAC, and audit logging — all running inside your classified network boundary.

The starter kit includes Ollama auto-discovery. When JieGou starts, it probes well-known local endpoints (http://ollama:11434, http://localhost:11434, http://localhost:8000) for running inference servers. If it finds one, the admin dashboard shows a one-click configuration banner. Pull an open-source model — Llama 4, Mistral 3, Qwen 3 — and you have a fully functional AI automation platform with no data leaving the network boundary. No cloud API calls. No telemetry. No external DNS resolution. Nothing crosses the air gap.

BYOM: Bring Your Own Model for classified environments

Government agencies often cannot send data to commercial LLM APIs. OpenAI’s data processing addendum is irrelevant when you are operating on a network that has no route to the internet.

JieGou’s BYOM (Bring Your Own Model) architecture supports any OpenAI-compatible inference endpoint as a first-class provider. Configure an endpoint URL, a model name, and an optional API key. Every JieGou feature works with your model: recipes, workflows, bakeoff comparisons, batch execution, structured output extraction, and multi-turn chat.

This means you can run:

  • vLLM serving Llama 4 Maverick on air-gapped GPU nodes
  • Ollama running Mistral 3 Large on a standalone workstation
  • SGLang or LocalAI on agency-provisioned infrastructure
  • Any OpenAI-compatible endpoint your agency has already approved and deployed
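To make the startup probe and the BYOM endpoint configuration concrete, here is an added example; it is not JieGou's code. The three candidate URLs come from the text above. The `inside_boundary` check, the `INTERNAL_HOSTNAMES` allowlist, the injected `probe` callable (used instead of a real HTTP request so the example runs offline) and the `build_provider` record shape are assumptions for the illustration.

```python
"""Boundary-aware discovery of a local OpenAI-compatible inference endpoint.

Added illustration, not JieGou's code. A real deployment would issue an HTTP GET
to the endpoint's model list; here `probe` is injected so the example runs offline.
"""
import ipaddress
from typing import Callable, Iterable, Optional
from urllib.parse import urlparse

# Well-known local endpoints probed at startup (from the text above).
DEFAULT_CANDIDATES = (
    "http://ollama:11434",
    "http://localhost:11434",
    "http://localhost:8000",
)

# Service names that resolve only inside the deployment (e.g. compose services).
# Constructed allowlist for this example; an agency would maintain its own.
INTERNAL_HOSTNAMES = frozenset({"localhost", "ollama", "vllm", "sglang"})


def inside_boundary(url: str) -> bool:
    """True only for loopback/private IPs or allowlisted internal service names.
    Any other DNS name would need external resolution, so it is refused."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname.lower()
    if host in INTERNAL_HOSTNAMES:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal and not allowlisted
    return addr.is_loopback or addr.is_private


def discover_endpoint(
    probe: Callable[[str], bool],
    candidates: Iterable[str] = DEFAULT_CANDIDATES,
) -> Optional[str]:
    """Return the first candidate that is inside the boundary and answers the probe."""
    for url in candidates:
        if inside_boundary(url) and probe(url):
            return url
    return None


def build_provider(endpoint: str, model: str, api_key: Optional[str] = None) -> dict:
    """BYOM provider record: endpoint URL, model name, optional API key.
    Refuses endpoints outside the boundary so a mistyped URL cannot quietly
    turn an air-gapped deployment into a cloud-backed one."""
    if not inside_boundary(endpoint):
        raise ValueError(f"endpoint {endpoint!r} is outside the network boundary")
    provider = {"endpoint": endpoint.rstrip("/") + "/v1", "model": model}
    if api_key:
        provider["api_key"] = api_key
    return provider


if __name__ == "__main__":
    # Constructed probe: pretend only the localhost:8000 server is running.
    running = {"http://localhost:8000"}
    found = discover_endpoint(lambda u: u in running)
    print(found, build_provider(found, "llama4-maverick"))  # hypothetical model name
```

The design choice worth noting is that the boundary check is an allowlist (loopback, RFC 1918 ranges, known internal service names), not a denylist of public hosts: a name that is not on the list is refused before any DNS lookup happens, which is the behaviour you want on a network that has no route out.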

The certified model registry tracks which models have been tested against JieGou’s full feature set — tool calling, structured JSON output, long-context processing. Certified models receive a green badge in the model selector. In a government context, this registry maps to your agency’s model approval process: only models that have passed your internal security review and are approved for a given classification level should be configured as available providers.

For agencies running JieGou Bakeoffs, you can compare model quality across your approved roster before deploying a workflow to production. Run the same prompt through three approved models, evaluate the outputs side by side, and select the one that meets both quality and security requirements. The evaluation happens entirely within your network.

Compliance infrastructure

JieGou’s platform features map directly to the NIST 800-53 controls that underpin FedRAMP and FISMA.

RBAC: Account management and least privilege

JieGou implements 6 roles with 26 granular permissions across 8 categories. This maps to two critical NIST 800-53 control families:

AC-2 (Account Management). Every user has a defined role (Owner, Admin, Dept Lead, Member, Auditor, Viewer) with explicit permission boundaries. The Auditor role exists specifically for compliance officers who need to read audit logs and governance reports without the ability to create, modify, or execute anything. Department scoping restricts access to resources within a user’s assigned organizational units.

AC-6 (Least Privilege). Permissions are enforced on every API call. A Viewer cannot execute a recipe. A Member cannot manage API keys. A Dept Lead cannot access resources outside their department. Users have zero access until their role explicitly grants it. SSO group-to-role mapping provisions users from your agency’s identity provider, ensuring that role assignments mirror your organizational structure.
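The following is an added example of how a default-deny, department-scoped permission check of the kind described above can be written; it is not JieGou's implementation. The role names (Owner, Admin, Dept Lead, Member, Auditor, Viewer) and the `audit:read` permission come from the text; every other permission string, which role holds which permission, and the SSO precedence order are constructed for this illustration.

```python
"""Default-deny permission check with department scoping.

Added example, not JieGou's implementation. Permission names other than
audit:read and the grants below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional

# Constructed permission grants. A role has nothing unless listed here.
ROLE_PERMISSIONS: Dict[str, set] = {
    "Viewer":    {"recipe:read", "workflow:read"},
    "Member":    {"recipe:read", "recipe:execute", "workflow:read", "workflow:execute"},
    "Dept Lead": {"recipe:read", "recipe:execute", "recipe:write",
                  "workflow:read", "workflow:execute", "workflow:write", "user:read"},
    "Auditor":   {"audit:read", "governance:read"},   # read-only compliance role
    "Admin":     {"recipe:read", "recipe:execute", "recipe:write",
                  "workflow:read", "workflow:execute", "workflow:write",
                  "user:read", "user:write", "apikey:manage",
                  "audit:read", "governance:read"},
}
# Owner holds every permission known to the system.
ROLE_PERMISSIONS["Owner"] = set().union(*ROLE_PERMISSIONS.values())

# Roles whose access is confined to their own departments.
DEPARTMENT_SCOPED = {"Dept Lead", "Member", "Viewer"}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    departments: frozenset = field(default_factory=frozenset)


def authorize(user: User, permission: str, resource_department: Optional[str] = None) -> bool:
    """Evaluated on every API call. True only when the role grants the permission
    and, for scoped roles, the resource belongs to one of the user's departments.
    An unknown role gets nothing."""
    granted = ROLE_PERMISSIONS.get(user.role, set())
    if permission not in granted:
        return False
    if user.role in DEPARTMENT_SCOPED and resource_department is not None:
        return resource_department in user.departments
    return True


def map_sso_groups(groups: Iterable[str], group_to_role: Dict[str, str]) -> Optional[str]:
    """SSO group-to-role mapping. The user receives the highest-precedence role
    among their matching groups; no matching group means no role and no access.
    The precedence list is a constructed choice for this example."""
    precedence = ["Viewer", "Auditor", "Member", "Dept Lead", "Admin", "Owner"]
    roles = [group_to_role[g] for g in groups if g in group_to_role]
    return max(roles, key=precedence.index) if roles else None
```

Two properties make this a least-privilege check rather than just a lookup: the lookup falls through to an empty set for any role it does not recognise, and the department test is applied on top of the permission test, so holding `recipe:execute` is never enough on its own for a scoped role.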

Compliance timeline: Continuous monitoring

JieGou maintains a chronological audit log of every significant platform event: recipe executions, workflow runs, role changes, API key operations, configuration updates, login events. Each entry is timestamped, attributed to a user, and tagged with the relevant Trust Services Criteria (TSC) category.

This directly supports CA-7 (Continuous Monitoring) under NIST 800-53. Rather than reconstructing activity after the fact for an annual FISMA assessment, the compliance timeline provides a live, queryable record of platform activity. Auditors with the audit:read permission can review activity patterns, verify that access controls are functioning, and identify anomalies — all from the governance module, without requiring admin access. The audit log summary aggregates 30 days of activity into action breakdowns and top-actor reports, providing the evidence that security controls are operating effectively between assessment cycles.

SOC 2 evidence export: Accelerating ATO documentation

Authority to Operate (ATO) packages require extensive documentation. JieGou’s SOC 2 evidence aggregator generates structured reports covering 17 TSC controls across 8 categories, available as JSON export:

  • Access reviews — Per-user roles, permissions, department assignments, resource access, last activity
  • Encryption inventory — 10 encryption controls with algorithms, key sizes, scope, and key management details
  • Vendor register — Third-party vendors with risk levels, certifications, and data access classifications
  • Incident response runbook — 6 procedures across 4 phases with severity definitions and SLAs
  • Compliance configuration — Active frameworks, data residency rules, PII detection settings
  • Audit log summary — 30-day event counts, action breakdowns, top actors

Each section includes its own generatedAt timestamp. The report is versioned and machine-readable. For agencies preparing ATO packages, this eliminates weeks of manual evidence collection. Pull the report, map each section to the relevant NIST 800-53 controls in your System Security Plan, and hand the structured data to your assessor.
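As an added example serving both the compliance timeline described earlier and the evidence export above, the block below aggregates a constructed audit log into a 30-day summary section carrying its own `generatedAt` stamp. It is not JieGou's export format: the entry fields (timestamp, actor, action, TSC category), the 30-day window and the per-section timestamp follow the text; the JSON-lines layout, the TSC labels, the sample entries and the function names are assumptions.

```python
"""Audit log summary as a timestamped, machine-readable evidence section.

Added example, not JieGou's export format. Sample entries are constructed.
"""
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log: one JSON object per line, plus one corrupt line.
SAMPLE_LOG = """\
{"ts": "2025-03-01T09:00:00Z", "actor": "lee", "action": "recipe.execute", "tsc": "CC6.1"}
{"ts": "2025-03-01T09:05:00Z", "actor": "lee", "action": "recipe.execute", "tsc": "CC6.1"}
{"ts": "2025-03-02T10:00:00Z", "actor": "admin", "action": "role.change", "tsc": "CC6.2"}
{"ts": "2025-03-03T11:00:00Z", "actor": "admin", "action": "apikey.rotate", "tsc": "CC6.1"}
{"ts": "2025-03-10T08:00:00Z", "actor": "pat", "action": "login", "tsc": "CC6.1"}
{"ts": "2025-01-15T08:00:00Z", "actor": "old", "action": "login", "tsc": "CC6.1"}
this line is corrupt
"""


def _parse_ts(value: str) -> datetime:
    """ISO-8601 with a trailing Z, as an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_log(text: str):
    """Return (entries, malformed_count). Malformed lines are counted rather
    than silently dropped: a gap in the audit trail is itself a finding."""
    entries, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            entry["ts"] = _parse_ts(entry["ts"])
            entries.append(entry)
        except (ValueError, KeyError, TypeError, AttributeError):
            malformed += 1
    return entries, malformed


def audit_summary(entries, now: str, days: int = 30) -> dict:
    """Aggregate the last `days` days (ending at `now`) into one evidence section."""
    end = _parse_ts(now)
    start = end - timedelta(days=days)
    recent = [e for e in entries if start <= e["ts"] <= end]
    return {
        "generatedAt": end.isoformat(),
        "windowDays": days,
        "eventCount": len(recent),
        "actionBreakdown": dict(Counter(e["action"] for e in recent)),
        "tscBreakdown": dict(Counter(e["tsc"] for e in recent)),
        "topActors": [a for a, _ in Counter(e["actor"] for e in recent).most_common(3)],
    }


def evidence_report(sections: dict, version: str = "1.0") -> dict:
    """Versioned report wrapper; refuses a section that lacks generatedAt."""
    for name, section in sections.items():
        if "generatedAt" not in section:
            raise ValueError(f"section {name!r} lacks generatedAt")
    return {"version": version, "sections": sections}


if __name__ == "__main__":
    entries, bad = parse_log(SAMPLE_LOG)
    report = evidence_report({"auditLogSummary": audit_summary(entries, "2025-03-15T00:00:00Z")})
    print(json.dumps(report, indent=2, sort_keys=True))
    print("malformed lines:", bad)
```

When you map a section like this to CA-7 in your System Security Plan, the malformed-line count is worth exporting alongside the breakdowns: an assessor will want to know that the summary covers the whole window, not just the lines that parsed.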

Data residency and boundary protection

JieGou’s per-category data residency controls support SC-7 (Boundary Protection). Nine data categories — execution results, metadata, audit logs, knowledge base documents, LLM conversations, credentials, and others — can each be assigned one of four residency modes: Local Only, Cloud Only, Cloud Sync, or Cloud Redacted. For government deployments, the critical mode is Local Only: data never leaves your network boundary. The control plane receives execution status but never content.

Credentials are permanently locked to Local Only. API keys never transit through external infrastructure.
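Here is an added example of a per-category residency policy with the credentials category pinned to Local Only; it is not JieGou's code. The four mode names and the rule that credentials can never leave the boundary come from the text above. The category keys, the set of fields treated as execution metadata (duration, token count, status), and the `outbound` function are constructed for the illustration.

```python
"""Per-category residency policy with credentials pinned to Local Only.

Added example, not JieGou's code. Category names and metadata fields are
constructed; mode names follow the text above.
"""
from enum import Enum
from typing import Optional


class Residency(Enum):
    LOCAL_ONLY = "local_only"
    CLOUD_ONLY = "cloud_only"
    CLOUD_SYNC = "cloud_sync"
    CLOUD_REDACTED = "cloud_redacted"


# Fields the control plane may receive as execution metadata. This is an
# allowlist: any field not named here is treated as content and stays local.
METADATA_FIELDS = frozenset({"id", "category", "duration_ms", "token_count", "status"})

# Categories an operator can never move off the local boundary.
PINNED_LOCAL = frozenset({"credentials"})


class ResidencyPolicy:
    def __init__(self) -> None:
        # Constructed default: a government deployment starts fully local.
        self._modes = {
            "execution_results": Residency.LOCAL_ONLY,
            "metadata": Residency.LOCAL_ONLY,
            "audit_logs": Residency.LOCAL_ONLY,
            "knowledge_base": Residency.LOCAL_ONLY,
            "llm_conversations": Residency.LOCAL_ONLY,
            "credentials": Residency.LOCAL_ONLY,
        }

    def set_mode(self, category: str, mode: Residency) -> None:
        """Change a category's mode; pinned categories reject anything but Local Only."""
        if category not in self._modes:
            raise KeyError(category)
        if category in PINNED_LOCAL and mode is not Residency.LOCAL_ONLY:
            raise PermissionError(f"{category} is pinned to Local Only")
        self._modes[category] = mode

    def mode(self, category: str) -> Residency:
        return self._modes[category]

    def outbound(self, record: dict) -> Optional[dict]:
        """What, if anything, the control plane may receive for this record.
        None means nothing crosses the boundary."""
        mode = self._modes[record["category"]]
        if mode is Residency.LOCAL_ONLY:
            return None
        if mode is Residency.CLOUD_REDACTED:
            return {k: v for k, v in record.items() if k in METADATA_FIELDS}
        return dict(record)  # CLOUD_ONLY / CLOUD_SYNC: the full record


if __name__ == "__main__":
    policy = ResidencyPolicy()
    # Constructed record: metadata plus a content field that must not leak.
    record = {"id": "r1", "category": "execution_results", "duration_ms": 840,
              "token_count": 312, "status": "ok", "output": "CUI text"}
    print(policy.outbound(record))
    policy.set_mode("execution_results", Residency.CLOUD_REDACTED)
    print(policy.outbound(record))
```

The redaction is expressed as an allowlist of metadata fields rather than a denylist of content fields, so a new field added to a record later defaults to staying inside the boundary; that is the safe failure mode for CUI.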

Encryption: FIPS 140-2 alignment

JieGou encrypts data at rest using AES-256-GCM with BYOK (Bring Your Own Key) support. Customer API keys are encrypted with customer-managed keys. All traffic uses TLS 1.3 in transit. For agencies requiring FIPS 140-2 validated cryptographic modules, the BYOK architecture allows you to use your agency’s HSM-backed key management infrastructure, maintaining the validated cryptographic boundary.

Department packs for government

Government agencies don’t build automations from scratch — they need pre-built workflows aligned to their operational processes. JieGou’s department packs provide exactly this.

Procurement Review. Analyzes solicitation documents against FAR/DFARS requirements, flags non-compliant terms, and generates compliance checklists. Includes an approval gate requiring contracting officer sign-off before any output is distributed.

Contract Analysis. Extracts key terms, obligations, deadlines, and deliverables from contract documents. Compares against agency-standard templates and highlights deviations.

Incident Response. Maps to NIST SP 800-61 Rev. 2. Alert triage, severity classification, response plan generation, post-incident reporting, and stakeholder notification — with escalation triggers that page the incident commander for critical events.

Compliance Reporting. Generates periodic compliance reports from platform data: control status, finding summaries, remediation tracking. Formatted for inclusion in FISMA quarterly reports and POA&M (Plan of Actions and Milestones) updates.

Constituent Correspondence. Drafts response letters from constituent inquiries, applies agency tone and policy guidelines, and routes through supervisor approval before release.

Each pack ships with approval gates enforcing the review workflows required by government standard operating procedures. No output is finalized without human authorization from a user with the appropriate role and department scope.
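The approval gate behaviour described in this section, as an added example rather than JieGou's implementation: a pending output can only be released after a human with a permitted role and matching department scope signs off, and every attempt, allowed or denied, is recorded. The rule about role and department scope comes from the text; the state names, the rule that the submitter cannot approve their own output, and the sample users are constructed.

```python
"""Human approval gate with role and department scope enforcement.

Added example, not JieGou's implementation. State names, the self-approval
rule and the sample data are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Approver:
    name: str
    role: str
    departments: frozenset


@dataclass
class ApprovalGate:
    """A generated output waits here until a qualified human decides on it."""
    output_id: str
    department: str              # department that owns the workflow
    required_roles: frozenset    # roles allowed to decide, e.g. Dept Lead
    submitted_by: str
    status: str = "pending"      # pending -> approved | rejected
    decided_by: Optional[str] = None
    audit: List[dict] = field(default_factory=list)

    def _log(self, actor: str, action: str, outcome: str) -> None:
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "actor": actor, "action": action, "outcome": outcome})

    def _denial_reason(self, who: Approver) -> Optional[str]:
        """Why this approver may not decide, or None if they are qualified."""
        if self.status != "pending":
            return "gate already decided"
        if who.role not in self.required_roles:
            return "role not permitted to approve"
        if self.department not in who.departments:
            return "outside approver's department scope"
        if who.name == self.submitted_by:
            return "submitter cannot approve own output"
        return None

    def decide(self, who: Approver, approve: bool) -> bool:
        """Record the decision; returns False (and logs why) when not permitted."""
        action = "approve" if approve else "reject"
        reason = self._denial_reason(who)
        if reason:
            self._log(who.name, action, f"denied: {reason}")
            return False
        self.status = "approved" if approve else "rejected"
        self.decided_by = who.name
        self._log(who.name, action, self.status)
        return True

    def release(self) -> bool:
        """Outputs are distributed only from the approved state."""
        return self.status == "approved"


if __name__ == "__main__":
    gate = ApprovalGate("out-1", "procurement",
                        frozenset({"Dept Lead", "Admin", "Owner"}), submitted_by="lee")
    gate.decide(Approver("lee", "Dept Lead", frozenset({"procurement"})), True)  # denied
    gate.decide(Approver("ann", "Dept Lead", frozenset({"procurement"})), True)  # approved
    print(gate.status, gate.release(), gate.audit)
```

Denied attempts are logged with the same shape as successful decisions, which is what lets an auditor later confirm not only that a contracting officer approved a procurement output but also that nobody outside that scope was able to.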

Getting started

Air-gapped deployment, self-hosted model inference, NIST 800-53 control mappings, and ATO-ready evidence export are not features you bolt on after the fact. They are architectural decisions, and JieGou is built on them.

For agencies currently using n8n for workflow automation: n8n has accumulated 8 published CVEs and carries an architectural vulnerability in its credential storage model. For government security requirements — where a single CVE triggers a remediation timeline that disrupts operations — this is a non-starter. JieGou provides a direct migration path with workflow-compatible import tooling.

Learn more about JieGou’s government capabilities on the Government Industry page. For agencies requiring air-gapped deployment, see the Air-Gapped Deployment guide. To discuss your agency’s specific requirements, contact our team for a technical briefing.
