Download:
pdf |
pdfIndicator Type Checkbox
Requirements
On the impact details section each Indicator Type
should have a checkbox that allows users to report
whether that particular indicator has sensitive data
with the following text after the checkbox:
“The information contained in this submission
should be considered commercial, financial, and
proprietary under the Cybersecurity Information
Sharing Act of 2015 ”
Note
This new checkbox is located within the
Indicator type question under “Impact
Details
If the user indicates “United States Federal
Government” under the Organization Details,
this check box WILL NOT appea
This checkbox will be asked for each Indicator
type the user adds.
�Major Incident
Note
These questions will determine if a Fed Gov
submission constitutes as a major incident
Located under “Impact Details
This question will only appear if the user
indicates “United States Federal Government”
under the Organization Details
Flow
If the user selects “No”, no follow up questions
will be asked.
If the user selects “Yes” a popup will appear with
the check boxes as seen in the screenshot.
Note: There are three conditions that will confirm
the incident is a major incident.
If any of the three following conditions are true,
then the incident is confirmed as a major incident.
All 3 options do not have to be true, just one or
more.
�Major Incident - Condition 1
Condition 1 Flow
If the user selects any option other than "none
of the above apply" within the pop-up, it will
be classified as a major incident, regardless
of their responses to the follow up questions
1
Once the user selects their check boxes and
2
clicks confirm, the Major Incident question will
be marked as YES, and new fields will appear
below
Users will then proceed to check all applicable
boxes to the follow up questions.
3
�Major Incident - Condition 2
Condition 2 Flow
If user selects “None of above apply” and
clicks confirm, follow up questions will then
determine if the incident is indeed a major
incident
If user selects any of the PII options (not just
otherwise compromised) the option of “and is
1
likely to result in demonstrable harm” will
appear.
The user then selects one or more options
from the “demonstrable harm” list. This will
confirm the incident is a major incident.
2
3
�Major Incident - Condition 3
1
2
Condition 3 Flow
If user selects “None of above apply” and
clicks confirm, follow up questions will then
determine if the incident is indeed a major
incident
The user then selects any option here of an
impact against 100,000+ people. This confirms
the incident is a major incident.
�Major Incident - Not a Major Incident
1
2
Condition Flow
If user selects “None of above apply” and
clicks confirm, follow up questions will then
determine if the incident is indeed a major
incident
The user then “None of the above apply”,
the original major incident question is
automatically marked as “No” and a message
will display explaining the criteria they
imputed DOES NOT meet a major incident
per OMB’s policy. A link to view the current
policy will also be present.
�Major Incident
Flow
Once it has been determined if the incident is a
major incident, the user will then continue to the
next question. This will be a simple YES or NO with
no additional follow up questions.
If the incident is not a major incident, the question
will not be asked
�Organization Details Updates
Note
Under Organization Details, before the user
selects their organization, they will be asked to
answer to select options that apply
Their selection here, will determine the follow
up questions that will appear.
�Organization Details Updates
User selects:
“I am reporting for a Federal Government...
1
If the user selects this option, the follow up
organization details questions will appear
The “What type of organization are you”
question will be pre-filled to “United States
Federal Government
The user will then select the appropriate
federal agency and sub agency
2
3
�Organization Details Updates
User selects:
“I am reporting to CISA to satisfy a regulatory...
1
2
If the user selects this option, the user will then be
presented with a series of check boxes
Here the user will be ask to select their applicable
reporting requirements.
Note: If the user selects “other”, they will be asked to
enter a “Regulator” and any related “Regulations”.
The user will have to option to additional related
regulations. The user will also have the option to add
additional regulators with it’s own set of regulations.
�Organization Details Updates
Once completed, the user will then select the type of
organization from a drop-down. Depending on the
the organization selected, follow up questions
regarding that particular organization will appear.
Lastly, the user can enter the org tracking number if
applicable.
3
�Organization Details Updates
User selects:
“I am voluntarily reporting...
If the user selects this option, the first two options
will be disabled as they are not applicable with this
selection
1
2
Once completed, the user will then select the type of
organization from a drop-down. Depending on the
the organization selected, follow up questions
regarding that particular organization will appear.
Lastly, the user can enter the org tracking number if
applicable.
NOTE: The user can uncheck this selection to
enable the first two options
�Organization Details Updates
User selects:
“I am reporting for a Federal Government...”
AND
“I am reporting to CISA to satisfy a regulatory...
1
The user selects BOTH these options together
Here the user will be ask to select their applicable
reporting requirements
The “What type of organization are you” question
will be pre-filled to “United States Federal
Government
2
The user will then select the appropriate federal
agency and sub agency
3
4
�Critical Infrastructure Updates
Note
This is located under the Organization Details
sectio
This update asks an additional question when
the user selects “Critical Infrastructure/
Private industry” as their organization
1
Flo
The user selects “Critical Infrastructure/
Private industry” as their organizatio
User selects the associated Secto
A new drop-down will appear, asking the user
to select their sector’s associated sub-sector.
2
3
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |