Cyber Threat and Computer Intrusion
Incident Reporting Guidelines
This form may be used as a guide
or vehicle for reporting cyber threat and computer intrusion
incident information to the NIPC or other law enforcement organization.
It is recommended that these Cyber Incident Reporting Guidelines
be used when submitting a report to a local FBI Field Office.
Do NOT include CLASSIFIED information
on this form unless you adhere to applicable procedures for proper
marking, handling and transmission of classified information.
Please contact NIPC Watch Operations Center (202) 323-3205 to
arrange secure means to submit classified information.
Information concerning the identity of the reporting agency,
department, company, or individual(s) will be treated on a confidential
basis. If additional information is required, you will be contacted
directly.
Report Date/Time:
Point of Contact (POC)
Information
Name:
Title:
Telephone/Fax Number:
E-mail:
Organization:
Address: Street:
City:
State:
Zip Code:
Country:
Incident Information
- Name of Organization: (if same as above,
enter "SAME")
(Check here if Federal Government Agency)
Organization's contact Information:
Telephone Number:
Address: (if same as above, enter "SAME")
Street:
City, State, Zip Code:
Country:
E-mail:
- Physical Location (s) of victim's computer
system/network (Be Specific):
- Date/Time and duration of incident:
- Is the affected system/network critical
to the organization?
- Critical Infrastructure sector(s) affected.
(Check only one)
- Nature of Problem? (Check only
one)
- Has this problem been experienced before?
(If yes, please explain in remarks section):
- Suspect method of intrusion/attack
(Check only one)
- Suspect perpetrator(s) or possible
motivation(s) of the attack (Check only one)
- The apparent source (IP address) of
the intrusion/attack:
- Evidence of spoofing?
- What computers/systems (hardware and
software) were affected? (Check only one)
(Operating system, version):
- Security Infrastructure in place. (Check
all that apply)
- Did the intrusion/attack result in
a loss/compromise of sensitive, classifed or proprietary information?
- Did the intrusion/attack result in
damage to system(s) or data?
- What actions and technical mitigation
have been taken?
- Has the local FBI field office been
informed?
- Has another agency/organization been
informed? If so, please provide name and phone number.
- When was the last time your system
was modified or update?
Date:
Company/Organization that did work (Address, phone, POC information):
- Is the System Administrator a contractor?
- In addition to being used for law enforcement
or national security purposes, the intrusion-related information I
reported may be shared with:
- Additional Remarks: (Please limit to
500 characters. Amplifying information may be submitted separately.)
If the reported incident is determined
to be a criminal matter you may be contacted by an agent for
additional information.
|