Cyber Incident Reporting

Cyber incident reporting for defense contractors refers to the obligation under DFARS 252.204-7012 to report cyber incidents affecting CUI to the DoD within 72 hours of discovery. Reports are submitted through the DIBNet portal and must include information about the incident, affected systems, and compromised data.

The 72-hour clock starts when you discover the incident, not when you've completed your investigation. This means you need detection capabilities to discover incidents promptly and pre-established reporting procedures so you can meet the timeline. Contractors must also preserve images of affected systems and relevant monitoring data for at least 90 days.

Why It Matters

Failure to report cyber incidents within the required timeframe is a contract violation. Having detection capabilities, an incident response plan with clear reporting triggers, and knowledge of the DIBNet reporting process ensures you can meet this obligation.