New cyber incident notification guidelines take effect April 1, 2017

Tony Ware reports:

The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications.

An “incident” is defined by the Federal Information Security Modernization Act of 2014 as “an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.”

Read more on Federal Times.

Related: US-CERT Federal Incident Notification Guidelines

About the author: Dissent