United States Federal Government
Private Sector
Foreign Government
Individual
State, Local, Tribal, or Territorial (SLTT) Government (U.S.)

Critical Infrastructure Owner: * Yes / No
Industry Sector (If Applicable):
Incident Start Date: mm/dd/yyyy *
Incident Start Time:
Incident Detected Date: mm/dd/yyyy *
Incident Detected Time:

Impact Details

Is the confidentiality, integrity, and/or availability of the organization’s information systems affected? * Yes / No

Please define the functional impact to the organization by selecting one of the following: *
High – Organization has lost the ability to provide all critical services to all system users.
Medium – Organization has lost the ability to provide a critical service to a subset of system users.
Low – Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal effect on performance.
None – Organization has experienced no loss in ability to provide all services to all users.

What is the number of systems impacted (if known)?
How many users are impacted (if known)?
What operating systems (OS) are impacted?
OS Name:
OS Version:

How was this incident detected? *
By an Administrator
AV Software
Intrusion Detection System
Log Review by an Analyst
By a User
Other
Unknown

What is the function of the system(s) affected? Please select all that apply: *
Application Server(s)
Database Server(s)
Domain Name Server(s)
Mail Server(s)
Time Server(s)
Web Server(s)
Other Server(s)
Firewall(s)
SCADA System(s)
Switch(s)
Router(s)
Desktop(s)
Laptop(s)

Please enter the attacking Internet Protocol (IP) address(es):
IP Address:
Port:
Protocol:

[Add another attacking Internet Protocol (IP) address(es), Port Protocol]:
IP Address:
Port:
Protocol:

Please paste network flow here (if available):

Threat Vectors

Please select at least one threat vector: *
Attrition
Web
Email
External/Removable Media
Impersonation/Spoofing
Improper Usage
Loss or Theft of Equipment
Physical Cause
Other
Unknown

Cyber Incident Report Type: *
Cyber Fraud
Data Destruction
Data Theft
DoS/DDoS/TDoS
Malware/Ransomware
Network Intrusion
Other
Phishing/Spear phishing
Suspicious Network Traffic
Website Defacement

Information Impact to the Organization

Was the confidentiality of classified information compromised? * Yes / No
Was proprietary information such as protected critical infrastructure information (PCII), intellectual property, or a trade secret accessed or exfiltrated? * Yes / No
Was personally identifiable information (PII) such as taxpayer, employee, or beneficiary accessed or exfiltrated? * Yes / No
Was protected health information (PHI) such as medical history, test and laboratory results, insurance information accessed or exfiltrated? * Yes / No
Was sensitive or proprietary information modified or deleted? * Yes / No / Unknown

Please select the organization’s recoverability for this incident: *
Regular – Time to recovery is predictable with existing resources.
Supplemented – Time to recovery is predictable with additional resources.
Extended – Time to recovery is unpredictable; additional resources and outside help are needed.
Not recoverable – Recovery from this incident is not possible (e.g., sensitive data exfiltrated and posted publicly).

Narrative of Events: