Be Compliant with the Mandate to Improve the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents.

M-21-31 — Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents

  • Capture outlined log information – The Trinity Cyber service meets the event logging requirements addressed in M-21-31.
  • Inspect encrypted data (break and inspect) – This is a key tenet of the Trinity Cyber solution and enables agencies to meet and exceed Event Logging tier 2 requirements -- the highest and intermediate criticality levels defined in the memorandum for implementation of encrypted traffic inspection.
  • Automation – The Trinity Cyber solution automates threat prevention.

Learn More About Each Mandate

M-21-31 Compliance


EL1 - 0

  • Email filtering, spam and phishing – IP and domain reputation
  • Network device infrastructure – IP, URL, hostname, DNS, DHCP, WIFI, session, response
  • Cloud environments – Full layer 2 data capture of cloud providers (AWS, Azure, GCP, etc.)
  • CISA and FBI access – Real-time access via API or credentials to appropriate federal agencies


EL2 - 1

  • Email filtering, spam and phishing – Content filtering
  • Anti-virus and malware protection – IP, port, hostname, hash, action taken
  • Network device infrastructure – Hash, hostname, IP, port, MAC, protocol, signature
  • Web application – URL, headers, HTTP methods/response, response codes
  • Container – Supply chain – full image inspection and remediation
  • Full session packet capture – inbound and outbound break and inspect


EL2 - 2

  • Email filtering, spam and phishing – Full inspection of email and attachment, headers, rules
  • Network traffic – Full packet capture data – decrypted and unencrypted
  • Application level – COTS and Non-COTS
  • Container – Hash, malware detection, network and process monitoring, file and object


EL3 - 3

  • Advanced centralized access – Logs available to the highest agency level
  • Mainframes – Log4j, sysout, syslog, IDS, SMF, RMF
  • User behavior monitoring – Lateral movement, compromised system, host, device, access
  • Container – Full event mitigation at the container level, logging
  • Orchestration, automation and response – Fully automated mitigation and SOAR integration

"Trinity Cyber’s profound technical breakthrough is designed expressly to 'shift the advantage to the defenders.' I and the Trinity Cyber team are delighted that the Biden Administration’s National Cybersecurity Strategy recognizes that as the core goal for our country."

Thomas P. Bossert, President at Trinity Cyber, Inc.

Worried about these mandates? We have you covered. Learn more below.