Address M-21-31 Overnight.
Be Compliant with the Mandate to Improve the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents.


How Our Cutting-Edge New Capability Makes You More Secure and Compliant With M-21-31.

M-21-31 — Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents

  • Capture outlined log information – The TC:Edge service meets the event logging requirements addressed in M-21-31.
  • Inspect encrypted data (break and inspect) – This is a key tenant of the Trinity Cyber solution and enables agencies to meet and exceed Event Logging tier 2 requirements -- the highest and intermediate criticality levels defined in the memorandum for implementation of encrypted traffic inspection.
  • Automation – The Trinity Cyber solution automates threat prevention.
  • Read the mandate here >>

Learn More About Each Mandate

TC:Edge M-21-31 Compliance


EL1 - 0

  • Email filtering, spam and phishing – IP and domain reputation
  • Network device infrastructure – IP, URL, hostname, DNS, DHCP, WIFI, session, response
  • Cloud environments – Full layer 2 data capture of cloud providers -AWS, Azure, GCP, etc.
  • CISA and FBI Access- Real time access via API or credentials to appropriate federal agencies


EL2 - 1

  • Email filtering, spam and phishing – Content filtering
  • Anti-virus and malware protection – IP, port, hostname, hash, action taken
  • Network device infrastructure - Hash, hostname, IP, port, MAC, protocol, signature
  • Web application – URL, headers, HTTP methods/response, response codes
  • Container – Supply chain – full imagine inspection and remediation
  • Full session packet capture – inbound and outbound break and inspect


EL2 - 2

  • Email filtering, spam and phishing – Full inspection of email and attachment, headers, rules
  • Network traffic - Full packet capture data – decrypted and unencrypted
  • Application level – COTS and Non-COTS
  • Container - Hash, malware detection, network and process monitoring, file and object


EL3 - 3

  • Advanced centralized access – Logs available to the highest agency level
  • Mainframes – Log4j, sysout, syslog, IDS, SMF, RMF
  • User behavior monitoring – Lateral movement, compromised system, host, device, access
  • Container – Full event mitigation at the container level, logging
  • Orchestration, automation and response – Fully automated mitigation and SOAR integration

"Trinity Cyber’s profound technical breakthrough is designed expressly to ‘shift the advantage to the defenders.' I and the Trinity Cyber team are delighted that the Biden Administration’s National Cybersecurity Strategy recognizes that as the core goal for our country.”

Thomas P. Bossert, President at Trinity Cyber, Inc.

Worried about these mandates? We have you covered. Learn more below.

headshot-johnfraser"Major institutions, including federal agencies, universities, and large enterprises in a dozen verticals are deploying Trinity Cyber at massive scale and with great effect," says recently appointed Director of Federal Business, John Fraser. "These organizations are achieving dramatically better security results with Trinity Cyber, including neutralizing and preventing entire classes of threats, virtually patching hundreds of CVEs, catching threats missed by other security products, reducing false positives to a rate that is better than 0.03%, and decreasing incident response workloads."

Talk to a security expert today to see a live demo or learn more about options to buy through our strategic partners or contract holders.