Download:
pdf |
pdf,
DoD's Defense Industrial
C
X
I Cl dibnet.dod.mil
'IVelcome to the DoD's 016 Cyber Incident Reporting
& CyberThreat lnfonnation Sharing Portal
Text only version
Home
8
Contact
Resources,
Report a Cyber Incident
Access to this page requires a DoD-approved
medium assurance certificate. For more
infonnation please visit the ECA website.
Report a Cyber Incident
U.S. Oepartment of Oefense (DoD)
DoD Chief lnfonnation Officer (CIO)
DoD Cyber Crime Center (DC3)
Defense Security SelVice (DSS)
Department of Homeland Security (OHS)
Enhanced Cybersecurity Seivices (ECS)
• Defense Security lnfonnation Exchange (DSIE)
•
•
•
•
•
https:1 ld1bnet.dod.mil/web/d1bnet
Applyorlogm,
(§)
Apply to DIB CS Program
Cleared defense contractors apply to join the
DIS C S Program for voluntary cyber threat
infonnation sharing. Access requires a DoDapproved me:n1
Information
S1.rppla-'rn:n1al
lncmm Information
Ill. Ancillary
Information
Previa-Y,
Voluntary Cyber Threat Information Sharing/Indicator Only Report
This lnckient Coifectkln Fom,at (ICF) j s used by DcO contractors to subm.it volunta,y cyber threat jnfom,afjon to the DCltDCISC.
Contractors should use this format to share cyber threat jnfom,ation that is cf .interest fer cyber situatfonal awareness
»1dicators that may be valuable jn afert»ig ethers to better counter threat actor activity.
as weJf as cyber threat
The jnfom,ation wilt be shared a , a non-attribution bask. Attribution infom,ation uniquely identifies the respondent or respondent's unique
business activities, whether directly or indirectly, to include the grouping cf data elements that direc.tly pcint to the respondent (e.g., ccnipany
facjj.ify location, ccnipany prcptietary jnfom,atkln, etc). DCltDCISE' will use the jnfom,ation to prepare analytic products or response actions
that doe$ net assign attribution to the cn·ginater. e.g., jnfom,ation regartnng threats, vulnerabilities, best practices, etc.
Non attribution products developed by DCltDCISE' wilt be disseminated to Federal Gcvemment Agencies and participants jn the volunta,y
DcD-DIB cybersecwity jnfom,ation sharing program.
Freedom cf lnfcm,atkln Act (FOIA). Agency reoords, which may jncJude quafffying jnfo,matkln received from non-federal entitiN, are subject to
request uno'er the Freedoo1 cf lnfom,aticn Act (5 U.S.C. 562) (FOIA), which is irnplemented m the Department cf Defense by DcD Directive
5400.07 and DcD Regulatkln 5400. 7-R (see 32 C.F.R. Parts 285 and 286, respectively). Pursuant to established procedJres and applicable
regulations, the Gcvemment wilt prefect sensitive nonpublic infom,ation under this Program against unauthorized public disclosure by assert»ig
applieable FOIA exemptions, and wilt jnfom, the non-Gcvemment source er submitter (e.g., DIS participants) cf any such jnfcm,ation that may
be subject to release jn response to a FOIA request, to pe,mit the source or subm.itter to support the withholding cf such jnfom,ation or pursue
any ether available legal remedies.
Questions marked with
General Information Collection
t: Are
you a participant in the 018 CS/1A Program?
0 Yes O No
I s this an Indicator Only submission?
0 Yes O No
• Is this a follow·on report?(?:
0 Yes O No
" Has this information been shared with any other Federal Government agency?
0 Yes O No
Enter Other Government Tra::king Numbers (if applicable)
Cancel
Unclassified for Official Use Only (When Filled Out)
are required.
0704-0489
XXXXXXXX
General lnformiltion
I. Cyba-r lncida-nt
Ra-pon Information
II. lncida-nt
Information
Si.rppla-ma-ntal
lncida-m Information
Ill. Ancillary
Information
Pr viw,
Company Identification Information
*Company Name
Company Point of Contact Information (Poe
* Last Name
1)
* First Name
* Title/Position
*Address
* State
*City
* Telephone
*Email Address
* Postal Code
I
* Time Zone
Choose
Add Additional Point of Conta,t
O Yes O No
Cancel
Previous
Unclassified for Official Use Only (When Filled Out)
.I
0704-0489
XXXXXXXX
I. Cyber Incident
Report Information
Gene-ral lnform.ition
II. lncida-111
Information
St.rpp n1al
Inc.idem Information
Ill. Ancillary
Information
Pr:vE'o',
Incident Information
C$IHour •)
Date Incident Discovered
C$IHour •]
Date incident Occurred
location(s) of Incident
*Incident location CAGE Code
I
Incident Outcome
Choose
Date incident Res.olved
'--------'®
I
Dete::tion Method
Choose
I
* Type of incident
Choose
8I
Time Zone
B I
Time Zone
.I
.I
(If not applicable, enter •NtA•}
.I
I
Hour •)
8 ,I
_T_;m_e_z_o_n_• _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
.)
.JJ
.I
*Jncident/lndi::ator Details/Narrative (including insertion of relevant
indi::ators}
For 018 CS/IA Program parti::ipants, the information included in this field will be shared in the Parti::ipant report. Pleas.e do not
include attributional or sensitive information, [?]
Cancel
Previous
Unclassified for Official U s e Only {When Filled Out)
0704-0489
XXXXXXXX
General lnforimtion
I.Cyber Incident
Report Information
II.Incident
Information
Su-ppla- r\lal
lncidem lnforrna1iori
Ill.Ancillary
In.formation
Supplemental Incident Information
Was PJI compromised or potentially compromis.ed in the occurrence?
O Yes O No O Potentially O Not Determined
Description of technique or method us.ed in incident(s.)
[ Choose
•J
Known APT Involved
0 Yes O No ® Unknown
Incident Detected by DC3/DCISE Indicator
O Yes O No
Any additional information relevant to the incident not included above (Note: This. respons.e may contain attributional or s.ens.itive
information, It is. for DC3/DCISE us.eonly,)
Cancel
Previous
Unclassified for Official Use Only (When Filled Out)
0704-0489
XXXXXXXX
Gene-ral lnform.ition
I. Cyber Incident
Report Information
IL Incident
Information
Supplementa.l
Incident Information
Ill. Ancillary
Information
Pr:vE'o',
Ancillary Information /Questions
• Does this report include known or potential sensitive Personally Identifiable Information (PJI)?
O Yes @ No
• Do you authorize DC3 to prov ide this report with attribution to DSS?
O Yes ® No
• Has Malicious software related to the cyber incident been isolated and ready for submission to DC3/DCISE? The ma/ware
submissjon form may be cessed rhrough rhe link provided on rhe Resulrs page once rhe /CF has been submi'rred.
O Yes ® No
Cancel
Previous
Unclassified for Official Use Only (When Filled Out)
General Information
I. Cyber Incident
Report Information
II. Incident
Information
Supplemental
Incident Information
Ill. Ancillary
Information
ev •ti
ATIENTION: You must select the "Next'' ,button at the bottom of this page
in order to complete the submission of this form.
--
-
You entered follo\i\1inginformation:
Volluntary Cyber Threat Information Sharing/lindicator ,Qnly iReport
General Information Collection
Are you a part· ipan in he D B CS/ Prog ram? Yes
s th" an nd· a or Only submiss· n? No
th· a ol ·on r,epo ? No
Has h" int rmation been shar,ed · h any her Federal Government agency? No
Cyber Incident Report Information
tyu
Company Identification Information
Company ame: ,dingo inc
Con1pany Point of ·Contact Infom,ation
Contact #1
Last Name: non
ddress: non
c· : no
St· e: n
Pos tal Code: 00000
e ph ne:00000000
Email ddress: asd ads.com
ime Z ne: EASTERN STANDARD TIME
lncid·ent Information
ncident Loca · n CAGE Code ( not appl" able, en er ' /A'): 00000
ype inciden : Unauthorized Access
nciden nd· a or Detai /Narrative (including inse · n of relevan indicat rs). For D B CS/
Program part· ipan s. the in ormation included in th· eld \lill be shared in the Part· ipan rep
r sens· ive in rmat· n: N/ A
. Please do not include attribut· nal
Supplemental Incident Information
Kn
n
nvolved: Unknown
Ancillary lnformation/Qu.estions
Does this rep
include kno \In or pot,ent· I sens· ive Personally den · ble n ormat· n (P }? No
Do you author· e DC3 to provide th" report ·hat ribu · n t,o DSS? No
Do you require pre·publ" at ion revie, of the ·Cus omer Response Form (CRF}? No
Has , al" · us so •are relat,ed o he cyber inciden been · ola ,ed and ready or subm· s· n to DC3/DClSE? No
Unclassified for Official Use Only {When Filled Out)
File Type | application/pdf |
File Modified | 2019-09-30 |
File Created | 2016-08-05 |