Loading...
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO

Welcome to the DIBNet portal

DoD’s gateway for defense contractor reporting and voluntary participation in DoD’s DIB Cybersecurity Program.

Cyber Reports

Report a Cyber Incident

A Medium Assurance Certificate is required to report a Cyber Incident, applying to the DIB CS Program is not a prerequisite to report.

DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting
DFARS 252.239-7010 Cloud Computing Services

FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities
FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment

Need Assistance?

Contact DoD Cyber Crime Center (DC3)  DCISE@dc3.mil   Hotline: (410) 981-0104   Toll Free: (877) 838-2174

DoD’s DIB Cybersecurity (CS) Program

Apply Now!

The DIB CS Program is a voluntary public-private cybersecurity partnership in which DoD and participants share cyber threat information, mitigation and remediation strategies, and more.

DIB CS Participant Login Voluntary Report

Cyber Threat Roundup

The Cyber Threat Roundup is a weekly collection of recent open-source articles of interest for the Defense Industrial Base. For the latest edition of the Cyber Threat Roundup, please click here.

For more information about other products, please apply to the DIB CS Program.

Need Assistance?

Contact the DIB CS Program Office  OSD.DIBCSIA@mail.mil   Hotline: (703) 604-3167   Toll Free: (855) DoD-IACS   Fax: (571) 372-5434

 

A DoD-approved Medium Assurance Certificate is required to access DIBNet services. To obtain a DoD-approved Medium Assurance Certificate, please click here.

 

Reporting

For Prohibition on Contracting with Covered Entities

DoD contractors shall report as much of the following information as can be obtained to DoD within 1 business day of identifying or being notified by a subcontractor that a covered article was provided to the Government during contract performance.

  1. Contract Number
  2. Order number(s), if applicable
  3. Supplier name
  4. Brand
  5. Model number (Original Equipment Manufacturer (OEM) number, manufacturer part number, or wholesaler number)
  6. Item Description
  7. Any readily available information about mitigation actions undertaken or recommended

See FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities for more information.

See FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment for more information.

For DoD Contractors Reporting Cyber Incidents

DoD contractors shall report as much of the following information as can be obtained to DoD within 72 hours of discovery of any cyber incident.

  1. Company name
  2. Company point of contact information (address, position, telephone, email)
  3. Data Universal Numbering System (DUNS) Number
  4. Contract number(s) or other type of agreement affected or potentially affected
  5. Contracting Officer or other type of agreement point of contact (address, position, telephone, email)
  6. USG Program Manager point of contact (address, position, telephone, email)
  7. Contract or other type of agreement clearance level (Unclassified, Confidential, Secret, Top Secret, Not applicable)
  8. Facility CAGE code
  9. Facility Clearance Level (Unclassified, Confidential, Secret, Top Secret, Not applicable)
  10. Impact to Covered Defense Information
  11. Ability to provide operationally critical support
  12. Date incident discovered
  13. Location(s) of compromise
  14. Incident location CAGE code
  15. DoD programs, platforms or systems involved
  16. Type of compromise (unauthorized access, unauthorized release (includes inadvertent release), unknown, not applicable)
  17. Description of technique or method used in cyber incident
  18. Incident outcome (successful compromise, failed attempt, unknown)
  19. Incident/Compromise narrative
  20. Any additional information

See DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting for more information.

For DoD Contractors Providing Cloud Services

  1. Contract information to include contract number, USG Contracting Officer(s) contact information, contract clearance level, etc.
  2. Contact information for the impacted and reporting organizations as well as the MCND
  3. Details describing any vulnerabilities involved (i.e., Common Vulnerabilities and Exposures (CVE) identifiers)
  4. Date/Time of occurrence, including time zone
  5. Date/Time of detection and identification, including time zone
  6. Related indicators (e.g. hostnames, domain names, network traffic characteristics, registry keys, X.509 certificates, MD5 file signatures)
  7. Threat vectors, if known (see Threat Vector Taxonomy and Cause Analysis flowchart within the US-CERT Federal Incident Notification Guidelines)
  8. Prioritization factors (i.e. functional impact, information impact, and recoverability as defined flowchart within the US-CERT Federal Incident Notification Guidelines)
  9. Source and Destination Internet Protocol (IP) address, port, and protocol
  10. Operating System(s) affected
  11. Mitigating factors (e.g. full disk encryption or two-factor authentication)
  12. Mitigation actions taken, if applicable
  13. System Function(s) (e.g. web server, domain controller, or workstation)
  14. Physical system location(s) (e.g., Washington DC, Los Angeles, CA)
  15. Sources, methods, or tools used to identify the incident (e.g., Intrusion Detection System or audit log analysis)
  16. Any additional information relevant to the incident and not included above

See DFARS 252.239-7010 Cloud Computing Services for more information.

For DoD's DIB CS Program Participants

DIB participants are encouraged to report information to promote sharing of cyber threat indicators that they believe are valuable in alerting the Government and others, as appropriate in order to better counter threat actor activity. Cyber incidents that are not compromises of covered defense information or do not adversely affect the contractor’s ability to perform operationally critical support may be of interest to the DIB and DoD for situational awareness purposes.

  1. Company name
  2. Company point of contact information (address, position, telephone, email)
  3. Date incident discovered
  4. Location(s) of incident
  5. Incident location CAGE Code
  6. Incident outcome (successful compromise, failed attempt, unknown)
  7. Incident Resolution Date/Time
  8. Detection Method
  9. Type of incident (unauthorized access, unauthorized release, includes inadvertent release, unknown, not applicable)
  10. Incident/Indicator Details/Narrative (including insertion of relevant indicators)
  11. PII compromised or potentially compromised in the occurrence
  12. Description of technique or method used
  13. Was known APT involved
  14. Was the incident detected by DC3/DCISE Indicator
  15. Any additional information relevant to the incident

About the DIB CS Program

What is the DoD's DIB CS program?

DoD established the Defense Industrial Base (DIB) Cybersecurity (CS) Program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on or transits DIB unclassified networks or information systems. This public-private cybersecurity partnership is designed to improve DIB network defenses, reduce damage to critical programs, and increase DoD and DIB cyber situational awareness. Under the DIB CS Program, DoD and DIB participants share unclassified and classified cyber threat information.

See 32 Code of Federal Regulations (CFR) Part 236, DoD's DIB Cybersecurity Activities for more information.

DIB CS Program Eligibility Requirements

DoD contractors submit an application by clicking here. Access to DoD's DIB Cybersecurity information sharing program application requires a DoD-approved medium assurance certificate. For information on obtaining a DoD-approved medium assurance certificate, please click here. Please also note that the online application process will only permit one application account per company. The company applicant must be a U.S. citizen and authorized to act on behalf of the company during the application process.

To be eligible to participate in this program DoD contractors must be a cleared defense contractor (CDC) and shall:

  • Have an existing Facility Clearance (FCL) granted under NISPOM (DoD 5220.22-M)
  • Execute the standardized Framework Agreement (FA) with the Government
  • To receive classified cyber threat information electronically:
    • (a) Have or acquire a Communication Security (COMSEC) account in accordance with the NISPOM Chapter 9, Section 4 (DoD 5220.22-M), which provides procedures and requirements for COMSEC activities; and
      (b) Have or acquire approved safeguarding for at least Secret information, and continue to qualify under the NISPOM for retention of its FCL and approved safeguarding; and
      (c) Obtain access to DoD's secure voice and data transmission systems supporting the voluntary DoD's DIB Cybersecurity information sharing program.

U.S. Department of Defense (DoD)

DoD Chief Information Officer (CIO)

DoD Cyber Crime Center (DC3)

Defense Counterintelligence and Security Agency (DCSA)

Department of Homeland Security (DHS) Enhanced Cybersecurity Services (ECS)

National Defense ISAC (NDISAC)

Inspector General

Privacy & Security

Link Disclaimer

FOIA

USA.gov

No FEAR Act

Plain Writing Act of 2010

Accessibility/Section 508

UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO