Within 1 hour of discovery
A breech must be reported within one hour.
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
Within 1 hour of discovery
Criminal Penalties, Civil Money Penalties, Sanctions
Within 24 hours of discovery.
Within 24 hours of discovery.
A breach must be reported to the U.S. Computer Emergency Readiness Team (US-CERT) when it involves a significant incident that impacts federal systems, networks, or data, or when it poses a potential threat to national security or public safety. Additionally, federal agencies and certain critical infrastructure sectors are required to report incidents that could compromise sensitive information or disrupt operations. Timely reporting is essential to facilitate coordinated responses and mitigate further risks.
According to the Department of Defense (DoD) 5400.11-R, "DoD Privacy Program, a breach is defined as "actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected." Each time one of the above situations happens, it must be reported to the U.S. Computer Readiness Team within one hour.