Recently, the US Government Accountability Office (GAO) released a study tracking US federal agencies’ progress on meeting the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies to improve centralized visibility into logging data before, during, and after cybersecurity incidents. The memo outlined a logging maturity model with four tiers (EL0-EL3) to guide agencies in their compliance process.
In the new study, GAO found that agencies “have made progress in preparing for and responding to cyber threats.” At the same time, however, the study noted that 20 of the 23 agencies did not meet the August deadline for M-21-31’s tier 3 advanced event logging (“advanced EL3”) requirements for tracking, storing, and managing event logs.
The study highlighted three challenges agencies are facing as they work to meet M-21-31 event logging requirements:
- Lack of staff
- Event logging technical challenges
- Limitations in cyber event information sharing
In this post, we’ll walk through these challenges and share how we’ve seen federal customers address them using Elasticsearch®.