IR-6 Incident Reporting
Description
The intent of this Control is to address both specific incident reporting requirements within an organization and the formal incident reporting requirements for federal agencies and their subordinate organizations.
Suspected security incidents include, for example, the receipt of suspicious email communications that can potentially contain malicious code. The types of security incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable federal laws, executive orders, directives, regulations, policies, standards, and guidance.
Current federal policy requires that all federal agencies (unless specifically exempted from such requirements) report security incidents to the United States Computer Emergency Readiness Team (US-CERT) within specified time frames designated in the US-CERT Concept of Operations for Federal Cyber Security Incident Handling.
Applicability
This procedure applies to all information resource owners or designees, custodians, and third parties who are responsible for TAMU-CC information resources.
Common events such as malware, or other events that are detected, mitigated, and restored within a reasonable amount of time by locally available unit staff, are not included in this Control.
Implementation
The System member discloses incidents which compromise the confidentiality, integrity, or availability of major or mission-critical information systems, or systems processing confidential information, as quickly as possible upon the discovery or receipt of notification of the incident, using the notification matrix in Appendix C: Incident Notification Matrix, unless a law enforcement agency determines such a notification will impede a criminal investigation.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019