dkahle20 opened 9 years ago
BSA| The Software Alliance Comments on Definition of Cyber Incident
Definition of cyber incident. The Proposed Guidelines define cyber incidents as “actions taken through the use of computer networks that result in a compromise or actual or potentially adverse effect on an information system and/or the information residing therein.” This definition is overly broad and applies to every situation regardless of the circumstances. We believe that a risk-based approach should be applied to determine what is an “incident” for the purpose of incident reporting. To ensure that agencies are not inundated with notices regarding immaterial attempts to compromise networks, the notification obligation should be defined on a case-by-case basis.
Under Section 2, Cyber Incident Reporting, the definition of cyber incident is: "actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein."
However, within NIST SP 800-61, Revision 2, Computer Security Incident Handling Guide, a computer security incident is defined as "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security policies."
Within the procurement guidance, it states that "specific requirements included in the contractual language shall be based on Federal law, OMB policies, and NIST standards and guidelines." This causes confusion, as the language differs between this OMB guidance and existing NIST standards. We request that the language be updated to ensure that there is consistency between this guidance and existing NIST requirements.