A cybersecurity event that has been determined to have an impact on the organization prompting the need for response and recovery.
Sources:
NIST Cybersecurity Framework Version 1.1
NIST Privacy Framework Version 1.0
from
NIST Cybersecurity Framework Version 1.1
An occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Sources:
NIST Privacy Framework Version 1.0
from
OMB M-17-12