Make Progress in Incident Response and Reporting

When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it included directives for agencies to establish several incident response and logging procedures, including sharing information on incident detection and response, by August 2023. In August of that year, the Office of Management and Budget issued Memorandum 21-31 setting specific requirements for agencies to meet, for which the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance regarding implementation. But the Government Accountability Office (GAO) reported in December that just three out of 23 organizations had met the deadline. The report stated that the three most common reasons noncompliant agencies cited for their failing to meet the deadline were, “(1) lack of staff, (2) event logging technical challenges, and (3) limitations in cyber threat information sharing.”