
Logging Requirements for Federal Agencies and the Importance of Logging for Cybersecurity

A new report shines a light on some unfortunate news in the world of federal cybersecurity. According to the U.S. Government Accountability Office (GAO), only three of 23 federal agencies have met the logging requirements expected of them under Executive Order 14028.

In this article, we cover the executive order and what it calls for in security logging, why logging is critical in cybersecurity, and what you need to know to use logging properly as a method of preparedness.

 

Executive Order 14028: Improving the Nation’s Cybersecurity

In May 2021, the Office of the President issued Executive Order 14028, a significant step in bolstering the nation’s defenses against increasing cybersecurity threats. This order came in response to high-profile cyber incidents highlighting vulnerabilities in both public and private sector networks.

The preceding years witnessed a surge in sophisticated cyberattacks, including ransomware and espionage campaigns targeting critical infrastructure and government agencies. These incidents exposed the urgent need for a comprehensive and coordinated approach to strengthen cybersecurity across federal networks and the private sector.

The order outlines several key measures aimed at fortifying the U.S. cybersecurity infrastructure:

The order significantly impacts how federal agencies and their contractors manage cybersecurity. It requires agencies to adopt multi-factor authentication and encryption and to move towards a zero-trust architecture. For the private sector, especially those providing software to the government, the order sets higher standards for cybersecurity compliance.

 

Memorandum M-21-31 and Enhancing Log Management

Following Executive Order 14028, the Office of Management and Budget (OMB) released Memorandum M-21-31, explicitly addressing the enhancement of logging, log retention, and log management practices within federal agencies.

Memorandum M-21-31 is a directive for federal agencies to improve their logging practices, a crucial aspect of cybersecurity and incident response, and a requirement detailed in EO 14028. This memorandum complements the Executive Order by providing detailed guidelines on how agencies should manage and retain logs effectively.

The memorandum outlines several key requirements:

Memorandum M-21-31 introduces a structured approach to logging by establishing a tiered system. This system categorizes logging activities into tiers, each with its own requirements and expectations. The tiered approach is designed to standardize logging practices across federal agencies, ensuring a baseline level of cybersecurity and incident response capability.

 

Overview of Logging Requirement Tiers

The tiers describe how mature an organization’s approach to the logging requirements is. An organization starts by maintaining the logs considered of the “highest criticality,” then expands its logging infrastructure from this base to cover intermediate and peripheral security and logging demands.

 

Implementation 

This memorandum sets out specific implementation requirements:

 

Why Are These New Logging Requirements So Important?

Logging, log retention, and log management play crucial roles in cybersecurity. They are fundamental components of an organization’s security infrastructure, providing the means to track, analyze, and respond to potential security incidents.

Logging and log management are crucial for several reasons:

 

Make Sure Your Logging Is Up to Speed with Continuum GRC

Continuum GRC is a cloud platform that can take something as routine and necessary as regular vulnerability scanning and reporting under FedRAMP and make it an easy and timely part of business in the public sector. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

And more. We are the only FedRAMP and StateRAMP-authorized compliance and risk management solution worldwide.

Continuum GRC is a proactive cyber security® and the only FedRAMP and StateRAMP-authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.
