The US-CERT Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to US-CERT. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form.
A good but fairly general definition of an incident is the act of violating an explicit or implied security policy. Unfortunately, this definition relies on the existence of a security policy that, while generally understood, varies among organizations.
For the federal government, an incident, defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. Federal incident reporting guidelines, including definitions and reporting timeframes can be found at http://www.us-cert.gov/government-users/reporting-requirements.html.
In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to:
We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.
In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are labeled "Required". As always, we will protect your sensitive information. This web site uses Secure Sockets Layer (SSL) to provide secure communications. Your browser must allow at least 40-bit encryption. This method of communication is much more secure than unencrypted email.