What is an incident?
A good but fairly general definition of an incident is the act of violating an explicit or implied security policy. Unfortunately, this definition relies on the existence of a security policy that, while generally understood, varies among organizations.
For the federal government, an incident, defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. Federal incident notification guidelines, including definitions and reporting timeframes, can be found at https://www.us-cert.gov/incident-notification-guidelines.
In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to:
- attempts (either failed or successful) to gain unauthorized access to a system or its data, including Personally Identifiable Information (PII) related incidents. For more information on the privacy guidelines for incident handling, refer to the DHS Privacy Incident Handling Guidance (PIHG).
- unwanted disruption or denial of service
- the unauthorized use of a system for processing or storing data
- changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.
Using the Incident Reporting System
In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are marked with a red asterisk. This website uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to provide secure communications. This method of communication is much more secure than unencrypted email.
Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.
Please do not submit Personally Identifiable Information (PII) data or other sensitive information using this form. If you need to communicate this information to us, please send encrypted email to the US-CERT Security Operations Center (soc@us-cert.gov). PGP/GPG key available at https://www.us-cert.gov/contact-us.