The US Federal Government requires various categories of security incidents.
|
Incident Type
|
Features
|
Category
|
|
network defense testing
|
exercises and approved activity testing of network defenses or responses
|
CAT 0
|
|
unauthorized access
|
access without permission
|
CAT 1
|
|
denial of service (DoS)
|
attack to exhaust resources
|
CAT 2
|
|
malicious code
|
malware
|
CAT 3
|
|
improper usage
|
violation of acceptable use policies
|
CAT 4
|
|
attempted access or probe
|
seeks access, open ports, etc to be exploited later
|
CAT 5
|
|
under investigation
|
unconfirmed incidents being reviewed
|
CAT 6
|
|
Category
|
Reporting Timeframe
|
|
CAT 0
|
NA
|
|
CAT 1
|
within 1 hour
|
|
CAT 2
|
within 2 hours
|
|
CAT 3
|
within 1 hour if widespread, else once daily
|
|
CAT 4
|
weekly
|
|
CAT 5
|
within 1 hour if classified, else monthly
|
|
CAT 6
|
NA
|
