An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. See cyber incident. See also event, security-relevant, and intrusion.
Sources:
CNSSI 4009-2015
under incident
from
FIPS 200 - Adapted
Anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of a project, product, service, or system.
Sources:
NIST SP 800-160v1r1
under incident
from
ISO/IEC/IEEE 15288:2015
An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Sources:
NIST SP 800-171r3
under incident
from
44 U.S.C., Sec. 3552
NIST SP 800-172
under incident
from
44 U.S.C., Sec. 3552
NIST SP 800-172A
under incident
from
44 U.S.C., Sec. 3552
NIST SP 800-37 Rev. 2
under incident
from
44 U.S.C., Sec. 3552
NIST SP 800-53 Rev. 5
under incident
from
PL 113-283 (FISMA)
An occurrence that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Sources:
NIST SP 800-128
under incident
from
44 U.S.C., Sec. 3552
An occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Sources:
NIST SP 800-61r3
under cybersecurity incident
from
PL 113-283 (FISMA)
A cybersecurity event that has been determined to have an impact on the organization prompting the need for response and recovery.
Sources:
NIST Cybersecurity Framework Version 1.1
NIST Privacy Framework Version 1.0
from
NIST Cybersecurity Framework Version 1.1
An occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Sources:
NIST Privacy Framework Version 1.0
from
OMB M-17-12