M-21-31: Identify gaps in event logging requirements #1555

Open
2 of 6 tasks
rocheller123 opened this issue Sep 1, 2021 · 3 comments
Labels
g: accepted Issue has been fully groomed. m: due date Has a hard or soft deadline t: weeks Should be complete-able in a matter of weeks (wall clock time) — see what can be split out

Comments

rocheller123 commented Sep 1, 2021

Background Information

M-21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents requires federal agencies to log information to aid in the "detection, investigation, and remediation of cyber threats" and to share information with other agencies, if required, to address cybersecurity risks or incidents.

The required log information is broken down into 4 Event Logging (EL) tiers: EL0, EL1, EL2, EL3.

The requirements for ensuring the information for each tier is being collected are as follows with specific deadlines from date of memo (8/27/2021):

  • Within 60 days of memo date: As per memo, "Identify resourcing and implementation gaps associated with completing each of the requirements listed below. Agencies will provide their plans and estimates to their OMB Resource Management Office (RMO) and Office of the Federal Chief Information Officer (OFCIO) desk officer."
  • Within one year of memo date: reach EL1 maturity as defined in M-21-31.
  • Within 18 months of memo date: achieve EL2 maturity as defined in M-21-31.
  • Within 2 years of memo date: achieve EL3 maturity as defined in M-21-31.

The first step is to identify the required information that is not being collected and to create a plan to ensure the information is being collected.

Implementation Steps

  • Identify groups that will be involved.
  • Identify tasks for groups.
  • Identify what log information is currently being collected.
  • Identify gaps in event logging requirements.
  • Develop a plan to address gaps.

Acceptance Criteria

  • The gaps in the implementation of the logging requirements as per M-21-31 have been identified and an appropriate plan to complete implementation has been developed.
@rocheller123 rocheller123 added the g: initial Issue template needs to be filled out, and/or initiative/timing labels need to be added. label Sep 1, 2021
@rocheller123 rocheller123 changed the title M-21-31: Identify gaps in event logging requirements as per memo M-21-31: Identify gaps in event logging requirements - Due 10/26/2021 Sep 2, 2021
@afeld afeld added the m: due date Has a hard or soft deadline label Sep 8, 2021
@afeld afeld added the t: weeks Should be complete-able in a matter of weeks (wall clock time) — see what can be split out label Sep 8, 2021
@afeld afeld moved this from New to Backlog (Sprint Staging) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Sep 8, 2021
afeld commented Sep 8, 2021

@rocheller123 rocheller123 mentioned this issue Sep 8, 2021
3 tasks
@afeld afeld moved this from Backlog (Sprint Staging) to Ready (Sprint Planned) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Sep 20, 2021
@adborden adborden moved this from Ready (Sprint Planned) to In Progress in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Sep 23, 2021
@adborden adborden added g: accepted Issue has been fully groomed. and removed g: initial Issue template needs to be filled out, and/or initiative/timing labels need to be added. labels Sep 27, 2021
@rocheller123 rocheller123 moved this from In Progress to Waiting/Feedback in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Oct 4, 2021
@JJediny JJediny changed the title M-21-31: Identify gaps in event logging requirements - Due 10/26/2021 M-21-31: Identify gaps in event logging requirements Apr 4, 2022
@JJediny JJediny moved this from Waiting/Feedback to Ready (Sprint Planned) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Apr 4, 2022
@JJediny JJediny removed this from Ready (Sprint Planned) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Jan 22, 2024
MichaelSides commented Jun 3, 2024

Week of June 3rd:
