OMB Control No.: 1670-0037; Expiration Date: 12/31/2021

CISA Incident Reporting System

The CISA Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to CISA. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. Please provide as much information as you can to answer the following questions to allow CISA to understand your incident.
+ More Detail

What is an incident?

For the federal government, incident, as defined by the Federal Information Security Modernization Act of 2014 (44 USC 3552), means an occurrence that-

(A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or

(B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.

Federal incident notification guidelines, including definitions and reporting timeframes can be found at https://www.us-cert.gov/incident-notification-guidelines.

In general, types of activity that may qualify as an incident include but are not limited to:

network intrusions that gain unauthorized access to a system or its data, including Personally Identifiable Information (PII) related incidents
malicious disruption or denial of service
the unauthorized use of a system for modifying data
changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent

We encourage you to report any activities that you feel meet the definition of an incident.

Using the CISA Incident Reporting System

In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are marked with a red asterisk. This website uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to provide more secure communications than unencrypted email.

Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting CISA Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.

Please refrain from including PII or SPII in incident submissions unless the information is necessary to understanding the nature of the cybersecurity incident.

Show Pending Required Fields Panel

<

Show Malware Submissions Panel

<

All fields are optional unless marked * Required

<

Pending Required Fields

<

Malware Submissions

I am:

the impacted user

reporting on behalf of the impacted user

MY CONTACT INFORMATION

Please provide your contact information so that we are able to contact you should we need to follow-up. Your contact information is not required to submit a report using this form. However, incomplete contact information may limit US-CERT's ability to process or act on your report.

First Name

Last Name

Telephone

Email Address * Required

IMPACTED USER'S CONTACT INFORMATION

I would like to report the impacted user's contact information and have the individual's consent to do so.

First Name

Last Name

Telephone

Email Address

MY ORGANIZATION

What type of organization are you? * Required

With which federal agency are you affiliated? * Required

Please select your sub-agency below after selecting parent agency above (if applicable):

Select your State: * Required

Please enter your SLTT organization name: * Required

Please enter your organization name (if applicable):

Please enter the name of your tribal territory

Please select the country in which you are located * Required

Is your organization a national CSIRT?

Yes

Please enter your company name:

Please specify either Business or Individual * Required

Business

Individual

Please enter your company name:

Please select the critical infrastructure sector you belong to: * Required

Please select the subagency you belong to: * Required

Please enter the organization's internal tracking number (if applicable):

DATE AND TIME INFORMATION

When, approximately, did the incident start?

When was this incident detected? * Required

From what timezone are you making this report?

INCIDENT DESCRIPTION

Please enter a brief description of the incident:

IMPACT DETAILS

Was the confidentiality, integrity, and/or availability of your organization's information systems potentially compromised? * Required

Yes

Privacy Act Statement

Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information.
Purpose: The primary purpose for the collection of this information is to allow the Department of Homeland Security to contact you about your request.
Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659.
Disclosure: Providing this information is voluntary. However, failure to provide this information will prevent DHS from contacting you in the event there are questions about your request.

Version: 3.0 | Report ID: 2020-USCERTv32H1DWY | Date: 202011102228
Email comments and feedback on the Incident Reporting Form

Incident Reporting System