@DC3DCISE
DC3 Mission

DoD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE)

Safeguarding the Defense Industrial Base through cyber incident reporting, threat intelligence, partner collaboration, and cyber resilience support.

Report a Cyber Incident Explore Threat Products
 
About DCISE Learn how DCISE supports reporting, intelligence sharing, and cyber resilience across the Defense Industrial Base. Report an Incident Access mandatory and voluntary reporting guidance, certificate requirements, and malware submission information. Threat Intelligence Products Explore DCISE product types, quarterly threat PDFs, and cyber threat roundup links. DCISE Resources Find webinars, CRA tools, partner programs, FAQs, and additional support resources.
About DCISE

Central reporting, intelligence, and support for the Defense Industrial Base

DCISE is the designated DoD center for Defense Industrial Base cyber incident reporting and collaborative information sharing, supporting required reporting under DFARS 252.204-7012 and related regulations.

DCISE enriches incident reporting with all-source intelligence analysis and shares cyber threat information through reports, products, engagements, and direct partner support to help organizations reduce risk and improve resilience.

  • Central Reporting Hub: The designated DoD center for DIB cyber incident reporting.
  • Actionable Intelligence: Enhances reports with intelligence context and indicators to support action.
  • Partner Support: Provides malware submission support, resources, and a 24/7 hotline.
  • Collaborative Environment: Works across DIB companies, U.S. Government stakeholders, and mission partners.

At-a-glance value

Incident Reporting Supports mandatory and voluntary reporting channels for DIB partners.
24/7 Support Hotline support is available outside normal business hours.
Threat Intelligence Delivers cyber reporting, indicators, alerts, and analytical products.
Cyber Resilience Connects partners to self-assessment tools, events, and defensive services.

Report an incident

Timely cyber incident reporting is critical to national security. DCISE supports both mandatory and voluntary reporting and helps organizations route malware, suspicious files, and related artifacts for analysis.

Report a Cyber Incident Submit Malware

Mandatory and Voluntary Cyber Incident Reporting

A DoD-Approved Medium Assurance Certificate is required to report a cyber incident. However, if you do not yet have one and need to report an incident, email DC3.DCISE@us.af.mil for assistance.

Report a Cyber Incident

Approved ECA Vendors: IdenTrust, Inc.  |  WidePoint

Certificate and secure access visual

Certificate Requirements

DoD-approved Medium Assurance Certificates enable secure communications and authentication for incident reporting and other protected DCISE functions.

IdenTrust
WidePoint

Malware submission portal visual

Electronic Malware Submission (EMS)

Submit malware and malware artifacts securely for analysis. EMS also provides Automated Malware Response with quick analysis of suspicious files, phishing emails, and attachments.

Open EMS Portal
Support and reporting visual

Mandatory vs. Voluntary

Mandatory reporting supports contract and regulatory requirements tied to covered defense information and operationally critical support. Voluntary reporting helps strengthen situational awareness and indicator sharing across the DIB.

DCISE Hotline: 410-981-0104

Threat Intelligence Products

Products designed to deliver timely, actionable insight

DCISE produces products ranging from indicator-based reporting to strategic cyber threat analysis, helping partners understand actor behavior, targeted technologies, and emerging risk.

Threat Activity Reports (TARs)

Focus on specific Advanced Persistent Threat sets, campaigns, or malware.

Cyber Targeting Analysis Reports (CTARs)

Focus on technology, platforms, or systems targeted by APT campaigns or malware.

CRF Rollup and CRF Supplement

Enrich mandatory and voluntary reporting with indicators, threat context, and actor TTPs relevant to the DIB.

Alerts, Warnings, Advisories, and TIPPERs

Provide timely notification of critical vulnerabilities, actively exploited issues, and threat activity affecting DIB partners.

Threat Information Product (TIP)

Contains Controlled Unclassified Information or unclassified indicators from multiple sources.

Weekly Indicator Roundup (WIR)

Provides a regular collection of indicators to support automated ingestion into defensive tooling.

Quarterly DIB-Reported Cyber Threats

Review published quarterly PDFs to understand reported cyber threats affecting the Defense Industrial Base across recent calendar years.

2025
2024
2023
Cyber Threat Roundup

Recent DCISE Cyber Threat Roundup links

These roundup PDFs provide recurring cyber threat visibility for partners. Use this section as a quick access block to recent roundup releases.

2025 February

2025 March

2025 April–June

DCISE Resources

Partner support, cyber resilience tools, and additional guidance

DCISE resources include partner services, self-assessment tools, events, policy references, and FAQs that help organizations strengthen security posture and stay engaged.

DCISE³

Automated threat detection, scoring, and blocking with integration of DCISE threat intelligence.

Email to Learn More

DIB Vulnerability Disclosure Program

Uses vetted ethical researchers to help discover vulnerabilities on public-facing DIB infrastructure.

Learn More

DC3 ENSITE

Delivers real-time threat intelligence and AI/ML-powered detection through a centralized dashboard.

Explore DC3 ENSITE

Events & Webinars

Includes Partner Familiarization Events, A2A, B2B, TechEx, RPEX, FIRE exercises, webinars, and Partner Essentials sessions.

Explore Engagement Opportunities

Cyber Resilience Analysis (CRA)

Self-assessment tool aligned to NIST CSF, NIST 800-171, and CMMC to help identify vulnerabilities across 10 security domains.

Open CRA User Guide

NSA Cybersecurity Collaboration Center

Additional partner services include PDNS+, Attack Surface Management, Autonomous Penetration Testing, and Threat Intelligence Collaboration.

Visit NSA CCC

Reporting FAQs, policy, and support resources

Expand the sections below for common reporting questions, CMMC guidance, policy references, and general support information.

Cyber Incident Reporting FAQs +
What certificate is required to submit a report? +

A DoD-Approved Medium Assurance Certificate is required to report a cyber incident. If you do not yet have one, email DC3.DCISE@us.af.mil or call the DCISE hotline at (410) 981-0104 for assistance.

How can I submit malicious files for analysis? +

Contractors can request an EMS account and submit malicious files at ems.dc3on.gov. A one-time upload link may also be requested by emailing DC3.DCISE@us.af.mil and including your ICF number in the subject line.

Do not use email to submit malicious files to DoD.

What is the difference between mandatory and voluntary reporting? +

Mandatory reporting under DFARS 252.204-7012 is required by many DoD contracts and subcontracts involving covered defense information and/or operationally critical support. Voluntary reporting shares cyber threat information and indicators that help improve DIB-wide cybersecurity posture.

Cyber Maturity Model Certification (CMMC) 2.0 +
Overview +

The Department of Defense finalized the CMMC 2.0 Rule, effective November 10, 2025. New solicitations and contracts may include CMMC requirements based on whether an organization handles Federal Contract Information or Controlled Unclassified Information.

Levels and planning +
  • Level 1 – Foundational
  • Level 2 – Advanced
  • Level 3 – Expert
  • Identify systems handling FCI/CUI and determine required assessment level.
Policy, standards, and resources +
Key policy references +
Additional resources +
Miscellaneous FAQs +
How do I become a point of contact? +

Send an email to DC3.DCISE@us.af.mil and include your name, email address, and phone number. POCs need a DoD-approved medium assurance certificate and a signed non-disclosure agreement.

Can I follow DCISE on social media? +

X: @DC3DCISE
LinkedIn: Defense Cyber Crime Center

Need help outside normal business hours? +

The DCISE hotline at (410) 981-0104 operates 24/7.

Need DCISE support or have reporting questions?

Phone: 410-981-0104
Toll Free: 1-877-838-2174
Email: dc3.dcise@us.af.mil

Email DCISE Report an Incident