Voglio sapere a riguardo di…

26644

Federal Register / Vol. 86, No. 93 / Monday, May 17, 2021 / Presidential Documents h Within 90 days of the date of this order, the Secretary of Defense, the Director of National Intelligence, and the CNSS shall review the recommendations submitted under subsection g of this section and, as appropriate, establish policies that effectuate those recommendations, consistent with applicable law.
i Within 90 days of the date of this order, the Director of CISA shall provide to the Director of OMB and the APNSA a report describing how authorities granted under section 1705 of Public Law 116283, to conduct threat-hunting activities on FCEB networks without prior authorization from agencies, are being implemented. This report shall also recommend procedures to ensure that mission-critical systems are not disrupted, procedures for notifying system owners of vulnerable government systems, and the range of techniques that can be used during testing of FCEB Information Systems. The Director of CISA shall provide quarterly reports to the APNSA
and the Director of OMB regarding actions taken under section 1705 of Public Law 116283.
j To ensure alignment between Department of Defense Information Network DODIN directives and FCEB Information Systems directives, the Secretary of Defense and the Secretary of Homeland Security, in consultation with the Director of OMB, shall:
i within 60 days of the date of this order, establish procedures for the Department of Defense and the Department of Homeland Security to immediately share with each other Department of Defense Incident Response Orders or Department of Homeland Security Emergency Directives and Binding Operational Directives applying to their respective information networks;
ii evaluate whether to adopt any guidance contained in an Order or Directive issued by the other Department, consistent with regulations concerning sharing of classified information; and iii within 7 days of receiving notice of an Order or Directive issued pursuant to the procedures established under subsection ji of this section, notify the APNSA and Administrator of the Office of Electronic Government within OMB of the evaluation described in subsection jii of this section, including a determination whether to adopt guidance issued by the other Department, the rationale for that determination, and a timeline for application of the directive, if applicable.
Sec. 8. Improving the Federal Governments Investigative and Remediation Capabilities. a Information from network and system logs on Federal Information Systems for both on-premises systems and connections hosted by third parties, such as CSPs is invaluable for both investigation and remediation purposes. It is essential that agencies and their IT service providers collect and maintain such data and, when necessary to address a cyber incident on FCEB Information Systems, provide them upon request to the Secretary of Homeland Security through the Director of CISA and to the FBI, consistent with applicable law.
b Within 14 days of the date of this order, the Secretary of Homeland Security, in consultation with the Attorney General and the Administrator of the Office of Electronic Government within OMB, shall provide to the Director of OMB recommendations on requirements for logging events and retaining other relevant data within an agencys systems and networks. Such recommendations shall include the types of logs to be maintained, the time periods to retain the logs and other relevant data, the time periods for agencies to enable recommended logging and security requirements, and how to protect logs. Logs shall be protected by cryptographic methods to ensure integrity once collected and periodically verified against the hashes throughout their retention. Data shall be retained in a manner consistent with all applicable privacy laws and regulations. Such recommendations shall also be considered by the FAR Council when promulgating rules pursuant to section 2 of this order.

VerDate Sep<11>2014

15:52 May 14, 2021

Jkt 253001

PO 00000

Frm 00012

Fmt 4705

Sfmt 4790

E:FRFM17MYE0.SGM

17MYE0