U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

About Us

Our Mission

The National Cybersecurity and Communications Integration Center’s (NCCIC) mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation’s flagship cyber defense, incident response, and operational integration center.

Since 2009, NCCIC has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center.

Our Vision and Guiding Principles

NCCIC’s vision is a secure and robust cyber and communications infrastructure, resilient against attacks and disruption. In pursuing our vision, we adhere to a number of Guiding Principles:

  • Put Customers First. Understand and meet our customer and constituent needs quickly and completely.

  • Lead the Global Mission. In service to our national interests, serve as a global ambassador for cyber and communications security expertise, excellence, and information.

  • Be an Active Force for Good. Defend the homeland by being the first and best option to identify, understand, prevent, protect, and respond to significant threats and exploitations of our cyber and communications infrastructure.

  • Drive Innovation. Stay on the cutting edge of innovation to bring down risk, learning from past experiences and anticipating change. Inspire others to better understand and apply cyber and communications knowledge and tools.

  • Be Right, Be Fast. Connect people-to-people and people-to-content to build community knowledge. Share threat and vulnerability information quickly and broadly, while maintaining the confidence and trust of our stakeholders and the constitutional rights of the American people.

  • Earn Trust. Relentlessly build our reputation as the authoritative source of information and a dependable partner through technical excellence and accurate, timely analysis. We are the experts other professionals turn to for help.

What We Do

NCCIC provides a year in review to the public for the opportunity to better understand our accomplishments and how we have progressed during the past fiscal year.

NCCIC is a hub for information and expertise. We are a global exchange for cyber and communications information, sharing what we receive back to the cybersecurity community.

  • We build risk awareness and help people understand how to mitigate threats and vulnerabilities.
  • We help customers take action to improve their risk posture and support a common operational picture of the national cyber and communications risk landscape.
  • We defend federal networks and respond to significant incidents.
  • We are here for our partners and customers when they need help. We vigilantly defend the Federal Government’s critical networks and stand ready to respond to attacks on both government and private sector networks.

Our Critical Mission Activities

  • Information exchange, 
  • Training and exercises,
  • Risk and vulnerability assessments,
  • Data synthesis and analysis,
  • Operational planning and coordination,
  • Watch operations, and
  • Incident response and recovery. 

Our History

The below graphic depicts the rich history of NCCIC’s organizational structure, which was comprised of the following legacy organizations:

  • NCS – National Communications System
  • NCC – National Coordinating Center (NCC) for communications
  • US-CERT – United States Computer Emergency Readiness Team
  • ICS-CERT – Industrial Control Systems Cyber Emergency Response Team

Timeline of NCCIC History

Throughout 2017, NCCIC realigned its organizational structure and integrated like functions previously performed independently by the United States Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This structure combines intersecting roles from the below legacy organizations to enhance the effectiveness of NCCIC’s cybersecurity and communications mission.Illustration of NCCIC's History.1963: Presidential Memorandum established the National Communications System (NCS).1984: Executive Order 12472 expands NCS to include National Security and Emergency Preparedness (NS/EP) and establishes the National Coordinating Center (NCC) for communications.2000: the White House officially designates NCC as the Information Sharing and Analysis Center (ISAC) for Telecommunications.2000: Congress Created Federal Computer Incident Response Center (FedCIRC) at GSA to handle growing number of cyber breaches.2002: DHS established by the Homeland Security Act.2003: NCS moves from the DOD to DHS.2003: Congress moves FedCIRC to newly formed DHS; renames as US-CERT and expands the mission to include cybersecurity.2004: DHS establishes the Control Systems Security Program (CSSP).2009: National Security Telecommunications Advisory Committee (NSTAC) recommends establishing joint collaboration center that becomes basis for NCCIC.2009: DHS establishes ICSCERT, replacing CSSP.2009: DHS establishes the NCCIC.2012: Executive Order 13618 disbands the National Communications System (NCS); NCC assumes these new responsibilities.2012: NCCIC co-locates USCERT, ICS-CERT, and NCC into NCCIC watch floor.2015: The Cybersecurity Act of 2015 designates NCCIC as the central hub for cyber threat indicator sharing between government and the private sector.2017 to Present: DHS streamlines organizational structure, moving US-CERT, ICS-CERT, and NCC into a single NCCIC organizational structure.

Frequently Asked Questions

What is considered a computer security incident?
A computer security incident within the U.S. Federal Government is defined by NCCIC and the U.S. National Institute of Standards and Technology as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

How do I report an incident to NCCIC?
NCCIC offers secure web forms for users to report incidents, report indicators, report phishing, and submit malware artifacts.

Does NCCIC have incident reporting guidelines available?
Yes, NCCIC's Incident Notification Guidelines provides guidance for submitting notifications to NCCIC.

What types of informational products does NCCIC offer? How do I sign up to receive these products?
NCCIC shares timely, actionable information to the broadest extent possible.

Subscriptions are available to all users for:

  • Weekly Vulnerability Bulletins, containing a summary of new vulnerabilities documented in the U.S. National Vulnerability Database (NVD) the week prior, as well as patch information when available.
  • Activity Alerts, providing users with information about vulnerabilities, incidents, and trends that pose a significant risk, as well as mitigations to minimize loss of information and disruption of services. Activity Alerts do not provide in-depth analysis.
  • Current Activity entries, containing a concise description of an issue and associated actions that a user can take to diminish exposure.
  • Tips, detailing issues with general appeal to NCCIC’s constituents.

To receive one or more NCCIC products via email, visit our Mailing Lists and Feeds webpage.
NCCIC also co-sponsors the NVD—the U.S. Government’s repository of standards-based vulnerability management data.

How do I report a vulnerability?
Vulnerabilities can be reported to the CERT Coordination Center (CERT/CC). CERT/CC is tasked by the NCCIC to serve as a trusted third party in the vulnerability coordination and disclosure process.

Does the CERT Coordination Center (CERT/CC) have a vulnerability disclosure policy?
Yes, it is available publically, here: http://www.cert.org/vulnerability-analysis/vul-disclosure.cfm

What happens if I share my info with NCCIC?
As a global information exchange hub, NCCIC bears a significant responsibility to protect the information we receive and to ensure we safeguard privacy, business confidentiality, civil rights, and civil liberties. We take this responsibility extremely seriously and we do everything in our power to earn our stakeholders’ trust by maintaining the confidentiality of sensitive information.

NCCIC routinely leverages the information sharing Traffic Light Protocol (TLP). TLP is not a classification tool, rather an intuitive schema to guide distribution according to relative risk.

NCCIC also serves as the Federal Government’s capability and process for receiving cyber threat indicators and defensive measures from non-federal entities under the Cybersecurity Information Sharing Act of 2015. Non-federal entities sharing cyber threat indicators and defensive measures with the NCCIC in compliance with CISA’s requirements are eligible for multiple protections spelled out in CISA. These include:

  • Liability protection for sharing cyber threat indicators;
  • Exemption from disclosure under state and federal disclosure laws, including the Freedom of Information Act (FOIA);
  • Exemption from state and federal regulatory uses; 
  • No waiver of applicable privileges, such as the attorney-client privilege; 
  • Treatment as commercial, financial, or proprietary information when so designated by the submitter;
  • Ex parte communications waiver; and 
  • Exemption from federal antitrust laws.

For more information, consult the Non-Federal Entity Sharing Guidance under the Cybersecurity Information Sharing Act of 2015, posted at https://www.us-cert.gov/ais.

In addition, entities can submit information for protection under the Critical Infrastructure Information Act of 2002. Once validated by DHS as Protected Critical Infrastructure Information (PCII), this information is protected from:

  • Exemption from disclosure under state and federal disclosure laws, including the Freedom of Information Act (FOIA),
  • Protection from use in regulatory actions, and
  • Protection from use in civil litigation.

Only trained and certified federal, state, and local government employees or contractors may access PCII and only in accordance with strict safeguarding and handling requirements. In all instances, NCCIC prioritizes the security and privacy of information when sharing with its partners.      

Who are NCCIC’s partners?
NCCIC exchanges information across the global cyber security community to improve the security of the Nation’s critical infrastructure and the systems and assets on which Americans depend. Partners with which NCCIC may share anonymized information include U.S. federal agencies, private sector organizations, the research community, state, local, tribal, and territorial (SLTT) governments, and international entities.

What other services does NCCIC offer?
NCCIC stakeholders include the Federal Government, SLTT governments, the private sector, and international partners. All services listed in the below menus are available at no cost.

NCCIC Service Menus

I work within the cyber security community, and I am interested in joining the NCCIC team. How do I find information about opportunities at NCCIC?
Current position openings can be found on the NCCIC Career Opportunities page, or by searching on www.usajobs.gov.

Our RFC 2350 Description

This information is also available in a RFC 2350 text file with its accompanying signature. NCCIC PGP key is available on our Contact Us webpage.

Back to Top