OMB Control No.: 60 day FRN open until; Expiration Date: 9/18/2017

US-CERT Incident Reporting System

The US-CERT Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to US-CERT. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. Please provide as much information as you can to answer the following questions to allow US-CERT to understand your incident.
+ More Detail

What is an incident?

A good but fairly general definition of an incident is the act of violating an explicit or implied security policy. Unfortunately, this definition relies on the existence of a security policy that, while generally understood, varies among organizations.

For the federal government, an incident, defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. Federal incident notification guidelines, including definitions and reporting timeframes can be found at https://www.us-cert.gov/incident-notification-guidelines.

In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to:

attempts (either failed or successful) to gain unauthorized access to a system or its data, including Personally Identifiable Information (PII) related incidents. For more information on the privacy guidelines for incident handling, refer to the DHS Privacy Incident Handling Guidance (PIHG).
unwanted disruption or denial of service
the unauthorized use of a system for processing or storing data
changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent

We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.

Using the US-CERT Incident Reporting System

In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are marked with a red asterisk. This website uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to provide secure communications. This method of communication is much more secure than unencrypted email.

Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting US-CERT Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.

Please do not submit Personally Identifiable Information (PII) data or other sensitive information using this form. If you need to communicate this information to us, please send encrypted email to the US-CERT Security Operations Center (soc@us-cert.gov). PGP/GPG key available at https://www.us-cert.gov/contact-us.

Show Pending Required Fields Panel

<

Show Malware Submissions Panel

<

All fields are optional unless marked * Required

<

Pending Required Fields

<

Malware Submissions

I am:

the impacted user

reporting on behalf of the impacted user

MY CONTACT INFORMATION

Please provide your contact information so that we are able to contact you should we need to follow-up. Your contact information is not required to submit a report using this form. However, incomplete contact information may limit US-CERT's ability to process or act on your report.

First Name

Last Name

Telephone

Email Address * Required

IMPACTED USER'S CONTACT INFORMATION

I would like to report the impacted user's contact information and have the individual's consent to do so.

First Name

Last Name

Telephone

Email Address

MY ORGANIZATION

What type of organization are you? * Required

With which federal agency are you affiliated? * Required

Please select your sub-agency below after selecting parent agency above (if applicable):

Select your State: * Required

Please enter your SLTT organization name: * Required

Please enter your organization name (if applicable):

Please enter the name of your tribal territory

Please select the country in which you are located * Required

Is your organization a national CSIRT?

Yes

Please enter your company name:

Please specify either Business or Individual * Required

Business

Individual

Please enter your company name:

Please select the critical infrastructure sector you belong to: * Required

Please select the subagency you belong to: * Required

Please enter the organization's internal tracking number (if applicable):

DATE AND TIME INFORMATION

When, approximately, did the incident start?

When was this incident detected? * Required

From what timezone are you making this report?

INCIDENT DESCRIPTION

Please enter a brief description of the incident:

IMPACT DETAILS

Was the confidentiality, integrity, and/or availability of your organization's information systems potentially compromised? * Required

Yes

Privacy Act Statement

Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information.
Purpose: The primary purpose for the collection of this information is to allow the Department of Homeland Security to contact you about your request.
Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659.
Disclosure: Providing this information is voluntary. However, failure to provide this information will prevent DHS from contacting you in the event there are questions about your request.

Version: 3.0 | Report ID: 2019-USCERTv322YBC3 | Date: 201901081603
Email comments and feedback on the Incident Reporting Form

Leave this field blank

US-CERT Incident Reporting System

What is an incident?

Using the US-CERT Incident Reporting System

<

<

<

Pending Required Fields

<

Malware Submissions

MY CONTACT INFORMATION

IMPACTED USER'S CONTACT INFORMATION

MY ORGANIZATION

DATE AND TIME INFORMATION

INCIDENT DESCRIPTION

IMPACT DETAILS

SYSTEM IMPACT

OBSERVED ACTIVITY

INFORMATION IMPACT

RECOVERY FROM INCIDENT

MAJOR INCIDENT

Privacy Act Statement

I Want To

Contact Us

US-CERT Incident Reporting System

What is an incident?

Using the US-CERT Incident Reporting System

<

<

<

Pending Required Fields

<

Malware Submissions

MY CONTACT INFORMATION

IMPACTED USER'S CONTACT INFORMATION

MY ORGANIZATION

DATE AND TIME INFORMATION

INCIDENT DESCRIPTION

IMPACT DETAILS

SYSTEM IMPACT

OBSERVED ACTIVITY

INFORMATION IMPACT

RECOVERY FROM INCIDENT

MAJOR INCIDENT

Privacy Act Statement

I Want To

Subscribe to Alerts

Contact Us