Data Breach Today
The White House issued a new memo replacing SolarWinds-era logging mandates with a narrower framework focused on risk, threat hunting and forensic readiness as agencies confront faster artificial intelligence-enabled intrusions across federal networks.
OMB Scraps Biden-Era Cyber Logging Rules
New Memo Replaces SolarWinds-Era Rules With Risk-Based Model
Chris Riotta (@chrisriotta) • May 26, 2026
The Eisenhower Executive Office Building in Washington, D.C., where the Office of Management and Budget is located. (Image: Ute Sonja Medley/Shutterstock)
The Trump administration is scrapping Biden-era federal cybersecurity logging requirements while aiming for a more targeted, risk-based approach in a new framework.
The Office of Management and Budget formally rescinded the 2021 directive that established an aggressive approach to federal logging retention and visibility requirements following the SolarWinds breach. The updated policy calls for agencies to adopt a "risk-based, prioritized logging approach" centered around two objectives: continuous event monitoring and post-compromise threat hunting, investigation, response and forensics.
OMB Director Russell Vought described the previous administration's approach to logging as ineffective and said the prior directive imposed expensive and operationally impractical logging mandates. He argued that some requirements "proved neither operationally feasible nor cost-effective for most agencies" and led to the collection of large data troves with limited defensive value.
The memorandum warns that cyber adversaries are using automation and artificial intelligence to accelerate attacks, maintain persistence and move laterally across systems at speeds that traditional monitoring environments can struggle to detect in real time. The updated framework directs agencies to prioritize rapid detection and response capabilities while maintaining enough retained data to reconstruct incidents and conduct forensic investigations after a compromise occurs.
The policy extends beyond traditional IT systems to Internet of Things devices and operational technology environments operated directly by agencies or by contractors. The Cybersecurity and Infrastructure Security Agency, alongside OMB and the federal CISO council, will also be required to develop a governmentwide "logging reference architecture" within 90 days of establishing baseline implementation guidance for agencies.
The reference architecture will align with federal zero trust modernization efforts, according to the memo, and will include guidance on centralized log visibility, AI-assisted monitoring capabilities, OT logging and methods for protecting sensitive information captured in logs.
Under the timeline included in the memo, agencies are expected to achieve baseline logging maturity within 120 days after the architecture is released, followed by intermediate maturity within 180 days and advanced maturity within 320 days.
The guidance also narrows several data retention expectations compared with the Biden-era framework. Agencies are now required to maintain logs in a searchable state for six months and retrievable for one year.