OMB Creates Maturity Framework for Event Log Management

OMB Creates Maturity Framework for Event Log Management
Virtual Private Network

The Office of Management and Budget (OMB) has released a memorandum that establishes a maturity model for event log management as part of efforts to improve the federal government’s capabilities to remediate and investigate cyber incidents in accordance with the cybersecurity executive order issued in May.

The maturity level is composed of four Event Logging tiers meant to help agencies prioritize resources and efforts in order to “achieve full compliance with requirements for implementation, log categories, and centralized access,” OMB said in the Friday memo.

Agencies should evaluate their maturity against the model and identify implementation gaps within 60 days, achieve Event Logging tier 1 maturity within a year, reach EL2 maturity within 18 months and EL3 maturity within two years of the memo’s release date.

The memo also requires agencies to share relevant logs to the FBI, Cybersecurity and Infrastructure Security Agency and other federal agencies to address cyberthreats.

The document outlines the specialized responsibilities of the CISA and Department of Commerce as part of efforts to enhance the use and management of logging practices.

CISA, for instance, will oversee the deployment of teams to advise agencies when it comes to assessing logging capabilities and development of tools to facilitate review of logging maturity across the organization.

Supply Chain Cybersecurity: Revelations and Innovations

ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

You may also be interested in...

Government

GAO: DOD Should Fill Gaps in Small Business Strategy

The Government Accountability Office (GAO) advises the Department of Defense (DOD) to develop an implementation plan, policy and a formal monitoring process for the DOD Small Business Strategy. Congress, in 2019, tasked DOD to create a strategy that will guide how the department handles small business programs, GAO said Thursday.