Report a Cyber Incident

Timely reporting is critical to national security. Submit a mandatory or voluntary cyber incident report through the Incident Collection Format portal.

Report a Cyber Incident
A DoD-Approved Medium Assurance Certificate is required for portal submission.
Approved ECA Vendors: IdenTrust   |   WidePoint
Need reporting assistance? Email DC3.DCISE@us.af.mil.
@DC3DCISE
DC3 Mission

DoD–Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE)

Safeguarding the Defense Industrial Base through cyber incident reporting, threat intelligence, and collaboration.

 
Program Overview

Protecting the Defense Industrial Base Through Reporting, Collaboration, and Cyber Resilience

Designated as the focal point and repository for Defense Industrial Base cyber incident reporting, DCISE helps translate partner reporting into operationally relevant insight. Through analysis, information sharing, and access to cybersecurity capabilities, DCISE supports stronger decision-making and faster action across the DIB and U.S. Government stakeholders.

While reporting under applicable DFARS clauses may be mandatory, DCISE also enables voluntary reporting that improves situational awareness, strengthens collective defense, and helps inform broader cyber action across the ecosystem.

1,100+ Defense contractor and U.S. Government stakeholders in the collaborative environment
24/7/365 Support availability for incident reporting and DIB partner assistance
Daily Threat indicators, reporting, and relevant cybersecurity insight for partners
CMMI-SVC 3 Capability Maturity Model Integration for Services maturity level rating

Join the Program

DCISE supports eligible Defense Industrial Base partners with reporting pathways, threat-informed collaboration, and access to services that improve awareness and cyber resilience.

Why Join

Participation helps organizations strengthen cyber resilience, improve visibility into relevant threats, and connect with mission-focused support aligned to DIB risk.

  • Improve access to cyber threat insight and reporting support
  • Strengthen collective awareness across the DIB ecosystem
  • Learn about available DCISE and DC3 cybersecurity capabilities

Who Should Participate

This program is intended for eligible Defense Industrial Base organizations and partners seeking to improve cybersecurity collaboration and reporting engagement with DoD.

  • Defense contractors supporting DoD missions
  • Organizations handling covered defense information or related reporting requirements
  • Partners interested in voluntary cyber threat sharing and collaboration

What Members Receive

DCISE helps connect participants to operationally relevant insight, reporting pathways, and cybersecurity support resources.

  • Threat indicators and cyber reporting support
  • Awareness of DIB-focused capabilities and services
  • Access points for engagement, briefings, webinars, and exchanges

How to Get Started

Reach out to the DCISE team to learn about participation, onboarding steps, and available program pathways based on your organization’s needs.

  • Email the registration team to express interest
  • Ask questions about eligibility, onboarding, or capabilities
  • Connect with DCISE for next-step guidance

Interested in learning more?

Email the DIB Cybersecurity Program registration team for details, onboarding guidance, and next steps for participation.

For incident reporting support, email DC3.DCISE@us.af.mil. A DoD-Approved Medium Assurance Certificate is required to submit through the reporting portal.
Email Registration Team

DoD–Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE) Overview

DCISE is the DoD focal point for Defense Industrial Base cyber incident reporting under 10 U.S.C. §§391–393 and DFARS 252.204-7012. The program enriches incident reporting with all-source intelligence analysis and shares cyber threat insights with Defense contractors and U.S. Government partners to enable action against malicious cyber activity.

Explore DCISE Capabilities and Engagement Opportunities

DCISE connects Defense Industrial Base partners to cybersecurity capabilities, engagement opportunities, and threat-informed resources that help strengthen resilience and support mission needs.

Cybersecurity Capabilities

DC3 cybersecurity capabilities help reduce risk, improve visibility, and strengthen cyber resilience across the Defense Industrial Base.

  • DCISE3: Risk-based threat scoring, alerting, and insight from DIB firewall traffic analysis.
  • DIB-VDP: Vulnerability discovery support for public-facing DIB assets through vetted ethical researchers.
  • DC3 ENSITE: Centralized visibility with real-time intelligence and AI/ML-powered detection.
 
Learn more about DIB-VDP

Explore DC3 ENSITE

Events & Webinars

DCISE offers engagements designed to inform, educate, and connect DIB partners with relevant cybersecurity resources and collaboration opportunities.

  • Introductory briefings
  • Technical exchanges
  • Webinars and virtual sessions
  • Regional exchange opportunities
 
Learn more about DCISE engagement opportunities

DCISE Cyber Threat Products

DCISE cyber threat products help partners strengthen security posture, improve awareness, and better protect controlled unclassified information.

  • Threat reporting and partner-relevant indicators
  • Cyber products that support awareness and defense
  • Information that helps inform action and mitigation
 
Explore DCISE Cyber Threat Products

Need help choosing the right DCISE capability?

Contact the DCISE team for guidance on reporting, services, engagement opportunities, and which resources may best fit your organization’s needs.

Email DCISE

Level Up Your Cyber Resilience

The Cyber Resilience Analysis (CRA) is a self-assessment resource that helps organizations identify vulnerabilities and strengthen cyber readiness across key security domains. It aligns with recognized frameworks including NIST CSF, NIST SP 800-171, and CMMC.

CRA Resources

Additional References

Disclaimer: The CRA reflects an organization’s capabilities only at the time of the self-assessment and is not intended to be a compliance activity.

FAQs, Reporting Guidance, and Program Resources

Explore common questions related to cyber incident reporting, certificates, onboarding, and program support resources.

Cyber Incident Reporting FAQs +
What DoD-Approved Medium Assurance Certificate is required to submit a report? +

DoD-Approved certificates enable secure communications between the U.S. Government and industry.

A DoD-Approved Medium Assurance Certificate is required to report a cyber incident. If you do not yet have a certificate and need to report a cyber incident, please email DC3.DCISE@us.af.mil or call the DCISE hotline at (410) 981-0104 for further assistance.

Report a Cyber Incident

For DoD Contractors Reporting Cyber Incidents (DFARS 252.204-7012) +

DoD contractors shall report as much of the following information as can be obtained within 72 hours of discovery of any cyber incident involving covered defense information (CDI) or the information systems that store, process, or transmit CDI.

  1. Company name
  2. Unique Entity Identifier (UEI)
  3. Facility CAGE code
  4. Contract number
  5. Company point of contact information
  6. U.S. Government program point of contact
  7. Impact to Covered Defense Information
  8. Ability to provide operationally critical support
  9. Date incident discovered
  10. Location(s) of compromise
  11. Type of compromise
  12. Description of technique or method used
  13. Incident outcome
  14. Incident narrative and any additional relevant details

See DFARS 252.204-7012 for more information.

For Voluntary Reporting +

DIB companies are encouraged to voluntarily report cyber threat activity that may be valuable for U.S. Government analysis and sharing.

  • Suspected APT activity
  • Reconnaissance activities such as vulnerability scanning or exploitation attempts
  • Threat actor infrastructure
  • Network compromises not impacting DoD information
  • Phishing email messages
  • Suspicious files, activity, or network traffic
How can I submit malicious files for analysis to DC3? +

DFARS 252.204-7012 requires contractors to isolate and submit malicious files, when available, to DC3 as part of mandatory reporting requirements.

If you have a PKI certificate, you can request an Electronic Malware Submission (EMS) portal account to submit malicious files and download the associated report once complete.

Submit malicious files to EMS at ems.dc3on.gov. You may also request a one-time upload link by emailing DC3.DCISE@us.af.mil and including your ICF number in the subject line.

Do not use email to submit malicious files to DoD.

Cybersecurity Program & Participation +
Who can participate in the DIB Cybersecurity Program? +

The program is intended for eligible Defense Industrial Base organizations and partners seeking stronger cybersecurity collaboration, reporting engagement, and access to DIB-focused resources.

How do I learn more or start onboarding? +

Email DC3.DIB.CSRegistration@us.af.mil to express interest, ask onboarding questions, and request next-step guidance.

Can DCISE help me understand which services fit my organization? +

Yes. Contact DC3.DCISE@us.af.mil for help understanding available capabilities, engagement opportunities, and which services may best align with your organization’s needs.

Miscellaneous FAQs +
I clicked on the report button and got a browser error. Is the site down? +

A DoD-Approved Medium Assurance Certificate is required to access reporting capabilities. ECA certificates are obtained directly from the approved vendors.

If you do not yet have a certificate, please email DC3.DCISE@us.af.mil or call (410) 981-0104 for assistance.

If I need assistance outside normal business hours, what are my options? +

The DCISE hotline at (410) 981-0104 operates 24/7. Normal in-office operating hours are Monday through Friday from 6:00 a.m. to 6:00 p.m. ET.

Can the DCISE help me with CMMC? +

Contact DC3.DCISE@us.af.mil to submit a request for information and learn how DCISE capabilities support organizations preparing for CMMC-related requirements.

Contact Us

Phone: 410-981-0104
Toll Free: 1-877-838-2174
Email: dc3.dcise@us.af.mil
Follow us on   @DC3DCISE

Obtain a Medium Assurance Certificate

Required by DFARS 252.204-7012, DoD-approved certificates enable secure communications between the DIB and the DoD.

Approved ECA Vendors
IdenTrust, Inc.   |   WidePoint (formerly ORC)

Submit Malware

Electronic Malware Submission (EMS) enables the DoD, the IC, the DIB, and other mission partners to securely submit malware and malware artifacts for analysis through the EMS portal.