A Medium Assurance Certificate is required to report a Cyber Incident, applying to the DIB CS Program is not a prerequisite to report.
DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting
DFARS 252.239-7010 Cloud Computing Services
FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities
FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment
Contact DoD Cyber Crime Center (DC3) DCISE@dc3.mil Hotline: (410) 981-0104 Toll Free: (877) 838-2174
The DIB CS Program is a voluntary public-private cybersecurity partnership in which DoD and participants share cyber threat information, mitigation and remediation strategies, and more.
DIB CS Participant Login Voluntary Report
The Cyber Threat Roundup is a weekly collection of recent open-source articles of interest for the Defense Industrial Base. For the latest edition of the Cyber Threat Roundup, please click here.
For more information about other products, please apply to the DIB CS Program.
DoD contractors shall report as much of the following information as can be obtained to DoD within 1 business day of identifying or being notified by a subcontractor that a covered article was provided to the Government during contract performance.
See FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities for more information.
See FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment for more information.
DoD contractors shall report as much of the following information as can be obtained to DoD within 72 hours of discovery of any cyber incident.
See DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting for more information.
See DFARS 252.239-7010 Cloud Computing Services for more information.
DIB participants are encouraged to report information to promote sharing of cyber threat indicators that they believe are valuable in alerting the Government and others, as appropriate in order to better counter threat actor activity. Cyber incidents that are not compromises of covered defense information or do not adversely affect the contractor’s ability to perform operationally critical support may be of interest to the DIB and DoD for situational awareness purposes.
DoD established the Defense Industrial Base (DIB) Cybersecurity (CS) Program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on or transits DIB unclassified networks or information systems. This public-private cybersecurity partnership is designed to improve DIB network defenses, reduce damage to critical programs, and increase DoD and DIB cyber situational awareness. Under the DIB CS Program, DoD and DIB participants share unclassified and classified cyber threat information.
See 32 Code of Federal Regulations (CFR) Part 236, DoD's DIB Cybersecurity Activities for more information.
DoD contractors submit an application by clicking here. Access to DoD's DIB Cybersecurity information sharing program application requires a DoD-approved medium assurance certificate. For information on obtaining a DoD-approved medium assurance certificate, please click here. Please also note that the online application process will only permit one application account per company. The company applicant must be a U.S. citizen and authorized to act on behalf of the company during the application process.
To be eligible to participate in this program DoD contractors must be a cleared defense contractor (CDC) and shall: