United States Federal Government
Private Sector
Foreign Government
Individual
State, Local, Tribal, or Territorial (SLTT) Government (U.S.)

Critical Infrastructure Owner: *
Yes  No


Industry Sector (If Applicable):


Incident Start Date: mm/dd/yyyy *


Incident Start Time: 
 

Incident Detected Date: mm/dd/yyyy *


Incident Detected Time: 
  

Impact Details

Is the confidentiality, integrity, and/or availability of the organization’s information systems affected? *
Yes  No


Please define the functional impact to the organization by selecting one of the following: *

High – Organization has lost the ability to provide all critical services to all system users.
Medium – Organization has lost the ability to provide a critical service to a subset of system users.
Low – Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal effect on performance.
None – Organization as experienced no loss in ability to provide all services to all users.

What is number of systems impacted (if known)?


How many users are impacted (if known)?



What operating systems (OS) are impacted?
OS Name:

 OS Version:



How was this incident detected? *

By an Administrator
AV Software
Intrusion Detection System
Log Review by an Analyst
By a User
Other
Unknown

What is the function of the system(s) affected? Please select all that apply: *

Application Server(s)
Database Server(s)
Domain Name Server(s)
Mail Server(s)
Time Server(s)
Web Server(s)
Other Server(s)
Firewall(s)
SCADA System(s)
Switch(s)
Router(s)
Desktop(s)
Laptop(s)


Please enter the attacking Internet Protocol (IP) address(es):
 IP Address:

Port:

 Protocol:


[Add another attacking Internet Protocol (IP) address(es), Port Protocol]:
 IP Address:

Port:

 Protocol:




Please paste network flow here (if available):

Threat Vectors

Please select at least one threat vector:*

Attrition
Web
Email
External/Removable Media
Impersonation/Spoofing
Improper Usage
Loss or Theft of Equipment
Physical Cause
Other
Unknown

Cyber Incident Report Type: *

Cyber Fraud
Data Destruction
Data Theft
DoS/DDoS/TDoS
Malware/Ransomware
Network Intrusion
Other
Phishing/Spear phishing
Suspicious Network Traffic
Website Defacement

Information Impact to the Organization


Was the confidentiality of classified information compromised? *
Yes  No

Was proprietary information such as protected critical infrastructure information (PCII), intellectual property, or a trade secret accessed or exfiltrated? *
Yes  No

Was personally identifiable information (PII) such as taxpayer, employee, or beneficiary accessed or exfiltrated? *
Yes  No

Was protected health information (PHI) such as medical history, test and laboratory results, insurance information accessed or exfiltrated? *
Yes  No

Was sensitive or proprietary information modified or deleted? *
Yes  No Unknown

Please select the organization’s recoverability for this incident: *

Regular – Time to recovery is predictable with existing resources.
Supplemented – Time to recovery is predictable with additional resources.
Extended – Time to recovery is unpredictable; additional resources and outside help are needed.
Not recoverable – Recovery from this incident is not possible (e.g., sensitive data exfiltrated and posted publicly).

Narrative of Events: