In 2021, OMB published Memorandum M-21-31 developed pursuant to EO 14028. The memorandum establishes a maturity model for event log management, providing executive agency implementation requirements and details.
From the end of 2020, the U.S. public sector suffered two serious cyber security shocks: the SolarWinds compromise in December 2020, and in March 2021 the exposure of Microsoft Exchange Server to 4 zero-day vulnerabilities. The U.S. government investigated both of these major, large-scale information security incidents. However, investigators reported that the log retention practices of federal government agencies slowed down the incident investigations. The lack of log retention not only hindered the collection of event evidence, but also made it impossible for agencies to establish a baseline and detect abnormal behavior that deviates from it. "Log retention of information systems in federal agencies is critical to the detection, investigation, and remediation of cyber threats," said the OMB director. Incident management is divided into detection, response, mitigation, notification, recovery, restoration and lessons learned. Network traffic records allow incident response teams to trace the attacker's activity, making the response more complete when eradicating the threat, without missing any host that may have a backdoor implanted. What enterprises need to strengthen is how they improve their information security resilience after a cyber security incident.