Qmulos Endorses OMB M-21-31’s Cybersecurity Requirements

Qmulos, the pioneering cybersecurity software and services firm driving the Converged Continuous Compliance™ revolution in enterprise security, compliance and risk management automation, announces the availability, through its flagship Q-Compliance automated big-data platform, of proactive support for emerging compliance requirements under Executive Order 14028 and Office of Management and Budget Memorandum 21-31 (OMB M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents.

OMB M-21-31 set forth an aggressive timeline for Federal organizations to achieve and demonstrate compliance with newly established logging, log retention, management, and centralized access and visibility provisions, along with measures designed to improve the security of Federal networks, assets, and supply chains, to better identify and respond to cybersecurity incidents, and to set easily measurable compliance and effectiveness standards for Agency risk management programs.

M-21-31 has established August 2022 as the target for Federal Agencies to demonstrate Event Logging Tier 1 (EL1) maturity, February 2023 for EL2, and August 2023 for achieving EL3 maturity. As currently defined, EL3 requires agencies to ensure that “logging requirements at all criticality levels are met.”

Commercial enterprises supporting Agencies should explore proactive compliance with M-21-31 as part of continuous efforts to mature risk management capabilities and compliance with current and emerging mandates such as CMMC, HIPAA, SOX, FedRAMP, and FISMA.

Qmulos enables Agencies to confidently achieve and demonstrate M-21-31 compliance on the timetable established by the Executive Order. Qmulos Q-Compliance and Q-Audit platforms offer broad out-of-the-box coverage of M-21-31 objectives, with user-friendly visualizations of control maturity, as well as technical evidence traceability and automated control validation.

Advanced cyber threats continue to evolve and impact the public sector. Accordingly, cybersecurity and risk management standards and mandates are expected to evolve over time, increasing the compliance overhead for those organizations that fail to implement data-driven automation as the foundation of mature compliance and risk management programs.

In the absence of compliance automation to enable up-to-date visibility of cybersecurity monitoring controls, Agency leadership will be progressively challenged by evolving mandates that call for continuous assessment and mitigation of event logging maturity gaps. Embracing Converged Continuous Compliance™ empowers organizations to transform legacy compliance management practices to achieve maturity against current and future objectives with confidence and efficiency.
