An official website of the United States government
Here's how you know
Official websites use .mil
A
.mil
website belongs to an official U.S. Department of Defense organization in the United States.
Secure .mil websites use HTTPS
A
lock (
lock
)
or
https://
means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.
Skip to main content (Press Enter).
Toggle navigation
Department of Defense Cyber Crime Center (DC3)
A FEDERAL CYBER CENTER
Department of Defense Cyber Crime Center (DC3)
Search
Search DC3:
Search
Search DC3:
Search
About DC3
Capabilities and Services
DC3 101 Film
DC3 Leadership
Biographies
Mission and Vision
Strategic Goals
DC3 History
Operating Status
News
DC3 Executive
Executive Communications
DC3 Editorial
Cyber Training Academy
DIB Cybersecurity
Cyber Forensics Laboratory
Judge Advocate
Operations Enablement
Information Technology
Vulnerability Disclosure
Employment
Careers
Missions
DC3 Cyber Training Academy
DC3 Cyber Training Academy
National Centers of Digital Forensics Academic Excellence (CDFAE)
DIB Cybersecurity (DCISE)
DIB Cybersecurity
DIB Tech Talks - Meet DOD DC3 DCISE
DCISE Cyber Threat Roundup
DCISE Resources
DCISE Slick Sheets
Report a Cyber Incident
Cyber Forensics Laboratory
Operations Enablement
Operations Enablement
DC3 ENSITE
Information Technology
Vulnerability Disclosure
Vulnerability Disclosure Program (VDP)
VDP Annual Reports
VDP Bug Bytes
Submit a Vulnerability Report
DIB-Vulnerability Disclosure Program
DIB-VDP Myte Byte
Partnerships
External Elements, Embeds, Stakeholders and Mission Partners
Products
DC3 Fact Sheets
DC3 Training
DC3 Trifold
Resources
Attend Training
Employees
Outlook Web Application (OWA)
OWA Microsoft Teams
Legal Library
Submit a Vulnerability Report
Tools
Access DC3 Customer Portal
Access DC3 EMS Tool
DC3 on GitHub
DC3 on SourceForge
DC3 Tools
DC3 Validations
Contact Us
DC3 Contact Information
About DC3
Missions
DIB Cybersecurity (DCISE)
DCISE Resources
DoD-Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE)
DCISE Resources
DC3 DCISE Service Offerings
DC3 DCISE offers many Cybersecurity-as-a-Service (CaaS) products at no cost to DIB CS Partners:
DCISE
3
:
automated threat detection, scoring, and blocking solution with integration of DCISE threat intelligence
DIB-Vulnerability Disclosure Program:
utilizes independent white hat hackers to help you discover vulnerabilities on your publicly facing infrastructure
DC3 DCISE Events
DC3 DCISE facilitates a number of events throughout the year. Registration for events is done through the Customer Portal (
https://customerportal.dc3.
mil
). If you have issues registering for an event, email
DC3.DCISE@us.af.mil
and our team can help.
Partner Familiarization Event:
Introductory meeting between DC3 DCISE and newly onboarded DIB CS Program Partners. Discussions include DCISE and Partner Points of Contact (POCs) as well as a high-level overview of offerings, and submitting incident reports.
A2A:
DIB Partner-driven and may address APT TTPs, technology targeting, and current threat reporting.
B2B:
Introduction to DCISE products and services to DIB POCs and their corporate leadership in addition to highlighting the positive business impact of network security and participation in the DIB CS Program.
DC3 TechEx:
Bi-annual meetings between DIB Partners and USG stakeholders to share best practices, threat briefs, lessons learned, tools, and other industry insights at classified and unclassified levels.
RPEX:
Provides an opportunity for local DIB Partners within the same geographic region to have a TechEx experience on a smaller scale. DCISE Leadership and analysts provide a tailored threat brief covering the current threat landscape, specific APT trends, and threat actor TTPs. Partners have the opportunity to network, discuss topics of concern, present briefs, chair panels and collaborate.
DCISE F.I.R.E.:
One day technology-supported table top exercise event led by DCISE (in-person or remote) for DIB CS Program participants to test their skills in a variety of topics (e.g., incident response, intrusion detection) while earning CPEs for certs.
DIB Webinar:
DCISE provides a platform for DIB Partners and DCISE analysts to engage in Unclassified, detailed discussions on adversary techniques and trends. These sessions aren’t limited to just technical topics; they also cover a broad spectrum of issues relevant to the DIB, led by various experts from DCISE. In addition, DCISE runs a recurring series of introductory web conferences called “Partner Essentials” to help Partners stay informed and prepared.
DC3 DCISE Analytics Division (AD) Products
DC3 DCISE produces products ranging from indicator-based to strategic cyber threat analyses
DC3 DCISE Threat Reporting:
TIP:
Derived from USG reporting; includes relevant Indicators of Compromise (IOCs) to DIB/CDCs and narrative context
CRF Rollup/Supplement:
CRF Rollup – Derived from DIB reporting; includes relevant IOCs to DIB/CDCs and narrative context
CRF Supplement – Produced when additional amplifying data becomes available after initially reported in CRF Rollup (i.e. malware samples)
CTAR:
In-depth risk analysis product detailing adversarial cyber targeting of US DoD technology/ platforms/systems
TAR:
In-depth analysis of cyber threat actors’ TTPs against DIB targets
DC3 DCISE Notifications:
Alerts, Warnings, Advisories, TIPPERs
Vehicles to notify DIB Partners of varying levels of cyber threats (critical through situational)
DC3 DCISE Informational Reporting:
WIR:
Roundup of DCISE IOCs released in DCISE products for the given week
Cyber Threat Round-Up:
Compilation of relevant cyber news articles
Slick Sheets (on varying topics)
Mandatory vs Voluntary Reporting
Mandatory
DFARS 252.204-7012 – Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting
Cyber incident that affects:
CDI and/or the systems it resides on, or
Ability to provide operationally critical support
Voluntary
Helps DIB with situational awareness and indicator sharing
Crowdsourcing threat information
Types of events vary
No impact to DoD information
malware and Forensic Analysis
DC3 DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination - for free
Can be submitted as part of a Voluntary or Mandatory ICF submission
Program Policy Related Resources
32 Code of Federal Regulations (CFR) Part 236, DoD’s DIB Cybersecurity Activities
https://www.federalregister.
gov/documents/2016/10/04/2016-
23968/department-of-defense-
dods-defense-industrial-base-
dib-cybersecurity-cs-
activities
DFARS 252.204-7012
“Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting”
https://www.acq.osd.mil/dpap/
dars/dfars/html/current/
252204.htm#252.204-7012
DFARS 252.239-7010
“Cloud Computing Services”
https://www.acq.osd.mil/dpap/
dars/dfars/html/current/
252239.htm#252.239-7010
FAR 52.204-23
“Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities”
https://www.acquisition.gov/
far/52.204-23
FAR 52.204-25
“Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment”
https://www.acquisition.gov/
far/52.204-25
Common Acronyms
Advanced Persistent Threat (APT)
Analyst-to-Analyst (A2A)
Business-to-Business (B2B)
Customer Response Form (CRF)
Cybersecurity (CS)
Cyber Targeting Analysis Report (CTAR)
DoD Cyber Crime Center (DC3)
DoD-DIB Collaborative Information Sharing Environment (DCISE)
DCISE Facilitated Incident Response Exercise (F.I.R.E.)
Defense Industrial Base (DIB)
Electronic Malware Submission (EMS)
Incident Collection Format (ICF)
Mandatory Incident Report (MIR)
Partner Familiarization Event (PFE)
Point of Contact (POC)
Public Key Infrastructure (PKI)
Request for Information (RFI)
Regional Partner Exchange (RPEX)
Threat Activity Report (TAR)
Technical Exchange (TechEx)
Threat Information Product (TIP)
Tactics, Techniques, and Procedures (TTPs)
Weekly Indicator Round-Up (WIR)
FAQs
Q: How do I become a POC?
A:
To become a POC, send an email to
DC3.DCISE@us.af.mil
and include your name, email address, and phone number.
POCs are required to have the following:
DoD-approved medium assurance certificate (see
https://public.cyber.mil/eca/
for details)
Signed Non-Disclosure Agreement
Q: Can I follow DC3/DCISE on social media?
A:
X (formerly Twitter):
https://twitter.com/DC3DCISE
LinkedIn:
https://www.linkedin.com/company/defense-cyber-crime-center/
Q: How do I submit a Mandatory Report/Voluntary Report?
A:
All Mandatory/Voluntary Reports can be submitted through the
Incident Collection Format
. You may also call the DCISE Hotline to report an incident (410) 981-0104.
Q: I am departing my company and I am the only POC listed. What should I do?
A:
Please keep DC3/DCISE updated on all personnel moves. If there is a POC change within your company, please email
DC3.DCISE@us.af.mil
with a listing of who will be the new designated POC for your company.
Q: How do I register for a Customer Portal account?
A:
Navigate to DC3 Customer Portal (
https://customerportal.dc3.mil
) and authenticate with your approved medium assurance certificate. Request an account and then request access to the DCISE Events space (be sure not to check the box for “I already have an account”). The Customer Engagement team will approve your request shortly.
Contact Information
DC3.DCISE@us.af.mil
DCISE Hotline (410) 981-0104
DIB CS Program Management Office:
OSD.DIBCSIA@mail.mil
Ways to Submit to DC3 CFL
Traditional Mail
DC3 Electronic Malware Submission (EMS) Portal (
https://ems.dc3on.gov/
)
Application Programming Interface (API) available to upload malware and retrieve analysis results
Email service account available for fast upload of suspicious email
Please do not email malware to anyone at DC3/DCISE
DIB CS Program & DC3/DCISE Videos
Watch the DIB Tech Talk Interview Series for an in-depth overview of the DoD’s DIB CS Program & DC3:
In-Depth Look at DoD’s DIB CS Program -
https://www.youtube.com/watch?
v=kIsJph_szCY
Meet DoD’s DC3/DCISE -
https://www.youtube.com/watch?
v=vb9fTKh5Cxg
Meet DoD’s Vulnerability Disclosure Program (VDP) -
https://www.youtube.com/watch?
v=wMUREvjvZeA
Malware and Forensic Analysis
DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination - for free
Can be submitted as part of a Voluntary or Mandatory ICF submission
Automated Malware Response (AMR)
The DC3 Electronic Malware Submission (EMS) portal provides an option for Automated Malware Response (AMR). This capability provides:
A quick, automated analysis of your submitted malware, phishing emails, email attachments,
or other suspicious files
Results ready in less than 15 minutes
Results that include antivirus engine checks, file attributes, notable strings, YARA signature
matches, and more
Need additional help or have an unanswered question?
Reach out today! Our team is standing by to assist you:
DCISE Inbox:
DC3.DCISE@us.af.mil
DCISE Hotline: 410-981-0104