New U.S. Computer Emergency Readiness Team (U.S.-Cert) guidelines around incident reporting went into effect this week (April 1, 2017). The guidelines require all federal departments and agencies, state, local, tribal and territorial government entities, information sharing and analysis organizations and private-sector organizations to report any security incident impacting the confidentiality, integrity or availability of a federal government information system to U.S.-Cert within 1 hour of the incident. 

Following the discovery of the compromise, the organization is to submit information relating to the impact of the incident, recoverability, detection, systems, records and users impacted, as well as the location of the network to U.S.-Cert via an Incident Reporting Form by email to soc@us-cert.gov.

Any private sector companies, including defense contractors, which have access to government systems, are required to comply with these requirements, and to have an incident response plan, with processes in place to report an incident within 1 hour.