Cybersecurity Incident

A cybersecurity incident is an event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information it processes, stores, or transmits, or that constitutes a violation of security policies. Not every security event is an incident — incidents are events that require a response.

For defense contractors, incidents involving CUI have specific reporting obligations under DFARS 252.204-7012, including notification to the DoD within 72 hours. What counts as a reportable incident matters: it covers not just confirmed breaches but also events where CUI may have been compromised.

Why It Matters

Understanding what constitutes a cybersecurity incident — and particularly a reportable incident involving CUI — is essential for meeting your DFARS and CMMC obligations. Having clear incident classification criteria prevents both under-reporting (compliance risk) and over-reporting (operational disruption).