Welcome to the DIBNet Portal

DoD's gateway for defense contractor reporting and voluntary participation in DoD's DIB Cybersecurity Program.

Cyber Reports

Report a Cyber Incident

A Medium Assurance Certificate is required to report a Cyber Incident, applying to the DIB CS Program is not a prerequisite to report.

DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting

DFARS 252.239-7010 Cloud Computing Services

FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities

FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment

Need Assistance?

Contact DoD Cyber Crime Center (DC3) DC3.DCISE@us.af.mil Hotline: (410) 981-0104 Toll Free: (877) 838-2174

DoD’s DIB Cybersecurity (CS) Program

Apply Now!

The DIB CS Program is a voluntary public-private cybersecurity partnership in which DoD and participants share cyber threat information, mitigation and remediation strategies, and more.

DIB CS Participant Login Voluntary Report
Cyber Threat Roundup

The Cyber Threat Roundup is a weekly collection of recent open-source articles of interest for the Defense Industrial Base. For the latest edition of the Cyber Threat Roundup, please click here.

For more information about other products, please apply to the DIB CS Program.

Need Assistance?
Contact the DIB CS Program Office OSD.DIBCSIA@mail.mil Hotline: (703) 604-3167 Toll Free: (855) DoD-IACS Fax: (571) 372-5434

CISA ALERT: Due to increasing geopolitical tensions, the Department of Homeland Security's (DHS) Cyber and Infrastructure Security Agency (CISA) has issued a “Shields Up” advisory (www.cisa.gov/shields-up). This is relevant to all DIB Companies.

 

A DoD-approved Medium Assurance Certificate is required to access DIBNet services. To obtain a DoD-approved Medium Assurance Certificate, please click here.

Reporting

DoD contractors shall report as much of the following information as can be obtained to DoD within 1 business day of identifying or being notified by a subcontractor that a covered article was provided to the Government during contract performance.

  1. Contract Number
  2. Order number(s), if applicable
  3. Supplier name
  4. Brand
  5. Model number (Original Equipment Manufacturer (OEM) number, manufacturer part number, or wholesaler number)
  6. Item Description
  7. Any readily available information about mitigation actions undertaken or recommended

See FAR 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities for more information.

See FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment for more information.

DoD contractors shall report as much of the following information as can be obtained to DoD within 72 hours of discovery of any cyber incident.

  1. Company name
  2. Company point of contact information (address, position, telephone, email)
  3. Data Universal Numbering System (DUNS) Number
  4. Contract number(s) or other type of agreement affected or potentially affected
  5. Contracting Officer or other type of agreement point of contact (address, position, telephone, email)
  6. USG Program Manager point of contact (address, position, telephone, email)
  7. Contract or other type of agreement clearance level (Unclassified, Confidential, Secret, Top Secret, Not applicable)
  8. Facility CAGE code
  9. Facility Clearance Level (Unclassified, Confidential, Secret, Top Secret, Not applicable)
  10. Impact to Covered Defense Information
  11. Ability to provide operationally critical support
  12. Date incident discovered
  13. Location(s) of compromise
  14. Incident location CAGE code
  15. DoD programs, platforms or systems involved
  16. Type of compromise (unauthorized access, unauthorized release (includes inadvertent release), unknown, not applicable)
  17. Description of technique or method used in cyber incident
  18. Incident outcome (successful compromise, failed attempt, unknown)
  19. Incident/Compromise narrative
  20. Any additional information

See DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting for more information.

  1. Contract information to include contract number, USG Contracting Officer(s) contact information, contract clearance level, etc.
  2. Contact information for the impacted and reporting organizations as well as the MCND
  3. Details describing any vulnerabilities involved (i.e., Common Vulnerabilities and Exposures (CVE) identifiers)
  4. Date/Time of occurrence, including time zone
  5. Date/Time of detection and identification, including time zone
  6. Related indicators (e.g. hostnames, domain names, network traffic characteristics, registry keys, X.509 certificates, MD5 file signatures)
  7. Threat vectors, if known (see Threat Vector Taxonomy and Cause Analysis flowchart within the US-CERT Federal Incident Notification Guidelines)
  8. Prioritization factors (i.e. functional impact, information impact, and recoverability as defined flowchart within the US-CERT Federal Incident Notification Guidelines)
  9. Source and Destination Internet Protocol (IP) address, port, and protocol
  10. Operating System(s) affected
  11. Mitigating factors (e.g. full disk encryption or two-factor authentication)
  12. Mitigation actions taken, if applicable
  13. System Function(s) (e.g. web server, domain controller, or workstation)
  14. Physical system location(s) (e.g., Washington DC, Los Angeles, CA)
  15. Sources, methods, or tools used to identify the incident (e.g., Intrusion Detection System or audit log analysis)
  16. Any additional information relevant to the incident and not included above

See DFARS 252.239-7010 Cloud Computing Services for more information.

DIB participants are encouraged to report information to promote sharing of cyber threat indicators that they believe are valuable in alerting the Government and others, as appropriate in order to better counter threat actor activity. Cyber incidents that are not compromises of covered defense information or do not adversely affect the contractor’s ability to perform operationally critical support may be of interest to the DIB and DoD for situational awareness purposes.

  1. Company name
  2. Company point of contact information (address, position, telephone, email)
  3. Date incident discovered
  4. Location(s) of incident
  5. Incident location CAGE Code
  6. Incident outcome (successful compromise, failed attempt, unknown)
  7. Incident Resolution Date/Time
  8. Detection Method
  9. Type of incident (unauthorized access, unauthorized release, includes inadvertent release, unknown, not applicable)
  10. Incident/Indicator Details/Narrative (including insertion of relevant indicators)
  11. PII compromised or potentially compromised in the occurrence
  12. Description of technique or method used
  13. Was known APT involved
  14. Was the incident detected by DC3/DCISE Indicator
  15. Any additional information relevant to the incident
About the DIB CS Program

DoD established the Defense Industrial Base (DIB) Cybersecurity (CS) Program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on or transits DIB unclassified networks or information systems. This public-private cybersecurity partnership is designed to improve DIB network defenses, reduce damage to critical programs, and increase DoD and DIB cyber situational awareness. Under the DIB CS Program, DoD and DIB participants share unclassified and classified cyber threat information.

See 32 Code of Federal Regulations (CFR) Part 236, DoD's DIB Cybersecurity Activities for more information.

Learn more about DoD's DIB Cybersecurity efforts here.

The Manufacturing Overlay was created to help secure information systems supporting manufacturing processes, and was developed through a partnership with cybersecurity experts from the Defense Industrial Base (DIB) Cybersecurity (CS) Program and USG. The Manufacturing Overlay is intended to complement (and further refine) existing security control baselines; further tailoring of controls may be required for systems with additional security or operational considerations.

The DIB Guide to Implementing the Cybersecurity Framework supports DoD’s critical infrastructure responsibilities for the DIB. This Guide was developed working with our private sector partners to implement the Framework, while also incorporating the security requirements of NIST SP 800-171.

The DoD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE), through the DoD Defense Cyber Crime Center (DC3), serves as the operational focal point for the DIB Cybersecurity Program under 32 Code of Federal Regulations, Part 236. DCISE fosters a cyber threat information sharing partnership with DIB participants by performing cyber analysis, offering mitigation and remediation strategies, providing best practices, and conducting analyst-to-analyst exchanges with DIB participants. Learn more about DCISE and DC3 capabilities here:

DCISE Slick Sheets

Analytics

eXpanded Offerings and Projects (XOP)

DIB Tech Talks