Incident Reporting

As per the New York State Information Security Policy, State government entities must notify the Cyber Command Center of any cyber incident which may have a significant or severe impact on operations or security, or which involves digital forensics, to ensure proper incident response procedures, coordination and oversight.

Cyber Incident Reporting Procedures

Cyber Incident Reporting - Quick Reference Sheet

Notification should include as much of the information contained on the following form as possible:

Incident Notification Report Form

PLEASE NOTE: This form must be encrypted if it contains sensitive information and is emailed to the Cyber Command Center. Note: The NYS Office 365 "tenancy" is encrypted.  If you are outside of this "tenancy" you may send the Incident Notification Report to the Cyber Command Center through the New York State Secure Portal (for members only) or consider using the Cyber Command Center's PGP public key available below.

Public Key

Cyber Command Center Public Key:

Text Version (select this if you don't have PGP software) || PGP - (ready version)

This key should be used to encrypt all sensitive information sent to the Cyber Command Center.

PLEASE NOTE: Effective March 14, 2016, the Cyber Command Center has changed its public key. For communications requiring public key encryption, please make sure this key is in your key ring.