[Fed-Talk] OMB: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
- Subject: [Fed-Talk] OMB: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
- From: Todd Heberlein via Fed-talk <email@hidden>
- Date: Fri, 3 Sep 2021 10:46:40 -0700
FYI:
Executive Office of the President Office of Management and Budget memorandum
Subject: Improving the Federal Government’s Investigative and Remediation
Capabilities Related to Cybersecurity Incidents
https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf
macOS-specific requirements begin on page 22.
Note, many of these logging requirements (e.g., Process Creation and
Termination, transfer of data to remote hosts, active network communications
with other hosts) are actually blocked by DISA’s STIG BSM audit rules for
macOS. (Same is true with STIG rules for Linux auditing.)
Also, as discussed here before, Apple has deprecated its BSM auditing solution
in favor of a new event monitoring solution.
Todd