One of the requirements of memo M-21-31 is to ensure that log information at the EL1 tier is being collected within 1 year of the memo date (08/27/2021).
The logging information that needs to be collected to meet the EL1 tier requirements is:
[ ] Basic Logging Categories
[ ] Minimum Logging Data
[ ] Time Standard
[ ] Event Forwarding
[ ] Protecting and Validating Log Information
[ ] Passive DNS
[ ] Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Access Requirements
[ ] Logging Orchestration, Automation, and Response – Planning
Background Information
Further details are described in Table 2 (EL1 Basic Requirements) within Appendix A (Implementation and Centralized Access Requirements).
Implementation Steps
Acceptance Criteria