10 April 2017

New cyber incident reporting starts April 1 for feds


by Tony Ware

Cyber incidents remain on the rise, and any computer security incident impacting the confidentiality, integrity or availability of a federal government information system must be reported to the U.S. Computer Emergency Readiness Team within one hour under new requirements set to go into effect April 1.

The US-CERT guidelines support the National Cybersecurity and Communications Integration Center’s mission objectives to improve the recognition of significant incidents, information sharing and situational awareness, and faster incident response times.

These reporting requirements affect all federal departments and agencies; state, local, tribal and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations.

After identifying an information system compromise, an impacted party’s Computer Security Incident Response Team, Security Operations Center or IT department is to designate a point of contact and submit the breach’s functional impact; information impact; recoverability; initial detection; systems, records and users impacted; and network location. If known, attack vectors, indicators of compromise and mitigation activities should be included in the report.

Reports are to be submitted using the NCCIC/US-CERT Incident Reporting Form, by email to soc@us-cert.gov, or via Structured Threat Information eXpression to autosubmit@us-cert.gov.

This information aids US-CERT in assessing the national-level severity and priority of the incident, which will dictate further action.

A PDF containing US-CERT’s complete guidelines for submitting incident notifications can be found on US-CERT.gov.

No comments: