(c) Within 90 days of receiving the recommendations described in subsection (b) of this section, the Director of OMB, in consultation with the Secretary of Commerce and the Secretary of Homeland Security, shall formulate policies for agencies to establish requirements for logging, log retention, and log management, which shall ensure centralized access and visibility for the highest level security operations center of each agency.
(d) The Director of OMB shall work with agency heads to ensure that agencies have adequate resources to comply with the requirements identified in subsection (c) of this section.
(e) To address cyber risks or incidents, including potential cyber risks or incidents, the proposed recommendations issued pursuant to subsection (b) of this section shall include requirements to ensure that, upon request, agencies provide logs to the Secretary of Homeland Security through the Director of CISA and to the FBI, consistent with applicable law. These requirements should be designed to permit agencies to share log information, as needed and appropriate, with other Federal agencies for cyber risks or incidents.
Sec. 9. National Security Systems. (a) Within 60 days of the date of this order, the Secretary of Defense acting through the National Manager, in coordination with the Director of National Intelligence and the CNSS, and in consultation with the APNSA, shall adopt National Security Systems requirements that are equivalent to or exceed the cybersecurity requirements set forth in this order that are otherwise not applicable to National Security Systems. Such requirements may provide for exceptions in circumstances necessitated by unique mission needs. Such requirements shall be codified in a National Security Memorandum (NSM). Until such time as that NSM is issued, programs, standards, or requirements established pursuant to this order shall not apply with respect to National Security Systems.
(b) Nothing in this order shall alter the authority of the National Manager with respect to National Security Systems as defined in National Security Directive 42 of July 5, 1990 (National Policy for the Security of National Security Telecommunications and Information Systems) (NSD–42). The FCEB network shall continue to be within the authority of the Secretary of Homeland Security acting through the Director of CISA.
Sec. 10. Definitions. For purposes of this order:
(a) the term “agency” has the meaning ascribed to it under 44 U.S.C. 3502.
(b) the term “auditing trust relationship” means an agreed-upon relationship between two or more system elements that is governed by criteria for secure interaction, behavior, and outcomes relative to the protection of assets.
(c) the term “cyber incident” has the meaning ascribed to an “incident” under 44 U.S.C. 3552(b)(2).
(d) the term “Federal Civilian Executive Branch Agencies” or “FCEB Agencies” includes all agencies except for the Department of Defense and agencies in the Intelligence Community.
(e) the term “Federal Civilian Executive Branch Information Systems” or “FCEB Information Systems” means those information systems operated by Federal Civilian Executive Branch Agencies, but excludes National Security Systems.
(f) the term “Federal Information Systems” means an information system used or operated by an agency or by a contractor of an agency or by another organization on behalf of an agency, including FCEB Information Systems and National Security Systems.
(g) the term “Intelligence Community” or “IC” has the meaning ascribed to it under 50 U.S.C. 3003(4).
(h) the term “National Security Systems” means information systems as defined in 44 U.S.C. 3552(b)(6), 3553(e)(2), and 3553(e)(3).
