Key Requirements: Capture specified logs (timestamps, event types, IP addresses, user identities). Retain data in acceptable formats for defined timeframes (Appendix C of M-21-31). Aggregate logs centrally and monitor for disruptions.. "In 2021, OMB issued Memorandum M-21-31 , Improving the Federal Government 's Investigative and Remediation Capabilities Related to Cybersecurity Incidents, to raise logging baselines and enhance agencies' knowledge of events occurring in their systems.
M-21-31 defines a standard set of event logging requirements that all federal agencies must follow. This enables agencies to collect the same types of data consistently — making it easier to analyze and share information across agencies (one of the main goals of EO 14028).. Complete the first version of the Agency Logging Plan, providing for fulfillment of this memorandum's minimum requirements and using the guidance and resources within the Logging Reference.