{"id":220453,"date":"2026-05-26T13:51:00","date_gmt":"2026-05-26T17:51:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/omb-swaps-biden-era-cyber-memo-for-new-prioritized-logging-tactic\/"},"modified":"2026-05-26T14:00:08","modified_gmt":"2026-05-26T18:00:08","slug":"omb-swaps-biden-era-cyber-memo-for-new-prioritized-logging-tactic","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/omb-swaps-biden-era-cyber-memo-for-new-prioritized-logging-tactic\/","title":{"rendered":"OMB swaps Biden-era cyber memo for new prioritized logging tactic"},"content":{"rendered":"<p><a href=\"https:\/\/fedscoop.com\/omb-swaps-biden-era-cyber-memo-prioritized-logging-tactic\/\">OMB swaps Biden-era cyber memo for new prioritized logging tactic<\/a><\/p>\n<p><a href=\"https:\/\/fedscoop.com\/omb-swaps-biden-era-cyber-memo-prioritized-logging-tactic\/\">https:\/\/fedscoop.com\/omb-swaps-biden-era-cyber-memo-prioritized-logging-tactic\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-26 13:51:00<\/a><\/p>\n<p>Source Domain: <a href=\"fedscoop.com\">fedscoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Federal agencies will shift to a priority and risk-based method of logging cybersecurity events under a Friday memo from the Office of Management and Budget aimed at cutting \u201cred tape\u201d and costs.<\/p>\n<p>The memo from OMB Director Russell Vought rescinds and replaces a previous directive from the Biden administration issued after the 2020 SolarWinds breach that affected both the public and private sectors. While the previous policy \u201cimproved foundational capabilities across agencies,\u201d OMB said the amount of data agencies were required to retain was costly and operationally difficult.\u00a0<\/p>\n<p>In its place, the Trump directive outlines \u201ca risk-based, prioritized logging approach\u201d to logging.<\/p>\n<p>OMB\u2019s policy comes amid concern about the use of artificial intelligence and automation to fuel cyberattacks. That technology can speed up the process of gaining access to a system and help covertly maintain that access for a long time. It\u2019s also increasingly being used by threat actors, the memo said. Event logging is a \u201ckey\u201d aspect of agencies\u2019 ability to mitigate those threats.<\/p>\n<p>\u201cAgencies rely on information from logs to understand activity across their systems, recognize events that require attention, and support the analysis and response actions that protect sensitive data and maintain operations,\u201d OMB said.<\/p>\n<p>Under the policy, agencies are instructed to prioritize two objectives: continuous event monitoring (CEM) and threat hunting, investigation, response and forensics (THIRF). Specifically, CEM refers to capabilities that allow agencies to monitor their networks in real time, and THIRF encompasses each agency\u2019s ability to investigate and analyze network activity.\u00a0<\/p>\n<p>In the next 90 days, the Department of Homeland Security\u2019s Cybersecurity and Infrastructure Security Agency (CISA), in coordination with OMB and the Chief Information Security Officer (CISO) Council, will develop more guidance for agencies. That guidance will be in the form of a logging reference architecture (LRA) that meets the requirements of the memo.\u00a0<\/p>\n<p>Per the document, the guidance will allow agencies to implement their new priorities while building on their progress under the old memo and providing flexibility for their varying missions.\u00a0<\/p>\n<p>Agencies, meanwhile, are required to submit their logging plans within 90 days of the LRA\u2019s publication. Those plans will outline each agency\u2019s steps to meet the memo\u2019s baseline requirements and must be periodically updated.<\/p>\n<p>While the 2021 memo helped the government make progress on cybersecurity, many agencies struggled to implement its requirements on time. In August 2023, the Government Accountability Office documented that over a dozen agencies failed to meet the directive\u2019s most basic logging requirements. Those recommendations appear to still be open, per the GAO website.<\/p>\n<p>At the same time, at least one IT leader has argued that continuous logging was a needed next step for agencies to reflect the current threat environment.<\/p>\n<p>Writing for FedScoop in October 2025, Bill Wright, then-head of government affairs for Elastic, suggested that OMB and CISA should require continuous data collection to \u201cdefend against modern cyber threats.\u201d He\u2019s now the head of government affairs at Everpure.<\/p>\n<p>\u201cBy revising the memo\u2019s language to require agencies to continuously collect and stream all log types in real time to a centralized location, agencies can close the gaps that are inherent in intermittent collection methods and create an unbroken chain of evidence for security events,\u201d Wright wrote.<\/p>\n<p>\t\t\tWritten by Madison Alder<br \/>\n\t\t\tMadison Alder is a reporter for FedScoop in Washington, D.C., covering government technology. Her reporting has included tracking government uses of artificial intelligence and monitoring changes in federal contracting. She\u2019s broadly interested in issues involving health, law, and data. Before joining FedScoop, Madison was a reporter at Bloomberg Law where she covered several beats, including the federal judiciary, health policy, and employee benefits. A west-coaster at heart, Madison is originally from Seattle and is a graduate of the Walter Cronkite School of Journalism and Mass Communication at Arizona State University.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OMB swaps Biden-era cyber memo for new prioritized logging tactic https:\/\/fedscoop.com\/omb-swaps-biden-era-cyber-memo-prioritized-logging-tactic\/ Publish Date: 2026-05-26 13:51:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":220455,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2025\/01\/GettyImages-2193485018.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,30,24],"class_list":["post-220453","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220453"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220453"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220453\/revisions"}],"predecessor-version":[{"id":220456,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220453\/revisions\/220456"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220455"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220453"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}