The Office of Management and Budget (OMB) has released a memorandum that establishes a maturity model for event log management as part of efforts to improve the federal government’s capabilities to remediate and investigate cyber incidents in accordance with the cybersecurity executive order issued in May.
The maturity model is composed of four Event Logging tiers meant to help agencies prioritize resources and efforts in order to “achieve full compliance with requirements for implementation, log categories, and centralized access,” OMB said in the Friday memo.
Agencies should evaluate their maturity against the model and identify implementation gaps within 60 days, achieve Event Logging tier 1 (EL1) maturity within a year, reach EL2 maturity within 18 months and EL3 maturity within two years of the memo’s release date.
The memo also requires agencies to share relevant logs with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies to address cyberthreats.
The document outlines the specialized responsibilities of CISA and the Department of Commerce as part of efforts to enhance the use and management of logging practices.
CISA, for instance, will oversee the deployment of teams to advise agencies on assessing logging capabilities and the development of tools to facilitate review of logging maturity across the organization.