Modernizing Federal Cybersecurity (Sec. 3.)
Federal staff are now mandated to modernize their security operations, fortify networks, and apply available expertise to become more informed and prepared for the next cyberattack, specifically by:
Strengthening Government Cybersecurity Detection (Sec. 7.)
The Federal Government shall employ all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities and incidents on its networks.
Improving Investigative and Remediation Capabilities (Sec. 8.)
The Office of Management and Budget’s M-21-31 mandates a maturity model for event log management. At a high level, the memo prescribes an enterprise logging maturity model with four levels (EL0-EL3) and sets deadlines for achieving each level. Each successive level is more demanding: it requires more data sources, longer retention, and eventually user behavior analytics (UBA) and security orchestration, automation, and response (SOAR) capabilities.