U.S. federal agencies have 24 months to fully comply with President Biden’s new cybersecurity Executive Order Memorandum M-21-31. This order, called “Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents,” aims to focus agencies on practical steps to rapidly improve the prevention, detection, assessment, and remediation of cyber incidents. Requirements present comprehensive, detailed guidance for logging, orchestration, automation, response, user behavior monitoring, access, and incident visibility.
At the heart is logging, which provides the vital data that underpins an agency’s ability to deliver threat detection, investigation, and response (TDIR).
