The CISA Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to CISA. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. Please provide as much information as you can to answer the following questions to allow CISA to understand your incident. Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting CISA Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.
+ More Detail
For the federal government, incident, as defined by the Federal Information Security Modernization Act of 2014 (44 USC 3552), means an occurrence that-
(A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or
(B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Federal incident notification guidelines, including definitions and reporting timeframes can be found at https://www.us-cert.gov/incident-notification-guidelines.
In general, types of activity that may qualify as an incident include but are not limited to:
We encourage you to report any activities that you feel meet the definition of an incident.
In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are marked with a red asterisk. This website uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to provide more secure communications than unencrypted email.
Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting CISA Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.
Please refrain from including PII or SPII in incident submissions unless the information is necessary to understanding the nature of the cybersecurity incident.
Javascript is disabled in your browser. This will cause some areas of the form to be unavailable. Enable Javascript to access the complete form.
Authority: 5 U.S.C. § 301 and 44 U.S.C. § 3101 authorize the collection of this information. Purpose: The primary purpose for the collection of this information is to allow the Department of Homeland Security to contact you about your request. Routine Uses: The information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information as necessary and authorized by the routine uses published in DHS/ALL-002 - Department of Homeland Security (DHS) Mailing and Other Lists System November 25, 2008, 73 FR 71659. Disclosure: Some entities are regulatorily or statutorily required to submit incident reports to DHS, and those entities must provide information in this form as required by applicable statute, regulation, or similar mandate. Failure for provide this information may result in inaccurate record keeping of the entity’s compliance. For non-mandatory incident reporting, providing this information is voluntary. However, failure to provide this information will prevent DHS from contacting you in the event there are questions about your report.
