LSU Incident Categories


This article has not been updated recently and may contain dated material.
| Category | Name | Description | Reporting Timeframe |
| --- | --- | --- | --- |
| CAT 0 | Exercise/Network Defense Testing | This category is used during state, federal, national, international exercises and approved activity testing of internal/external network defenses or responses. | Not Applicable; this category is for each agency's internal use during exercises. |
| CAT 1 | *Unauthorized Access | In this category an individual gains logical or physical access without permission to a federal agency network, system, application, data, or other resource. | Within one (1) hour of discovery/detection. |
| CAT 2 | *Denial of Service (DoS) | An attack that successfully prevents or impairs the normal authorized functionality of networks, systems or applications by exhausting resources. This activity includes being the victim or participating in the DoS. | Within two (2) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate activity. |
| CAT 3 | *Malicious Code | Successful installation of malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application. Agencies are NOT required to report malicious logic that has been successfully quarantined by antivirus (AV) software. | Daily. Note: Within one (1) hour of discovery/detection if widespread across agency. |
| CAT 4 | *Improper Usage | A person violates acceptable computing use policies. | Weekly |
| CAT 5 | Scans/Probes/Attempted Access | This category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service, or any combination for later exploit. This activity does not directly result in a compromise or denial of service. | Monthly. Note: If system is classified, report within one (1) hour of discovery. |
| CAT 6 | Investigation | Unconfirmed incidents that are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review. | Not Applicable; this category is for each agency's use to categorize a potential incident that is currently being investigated. |

 

*based on NIST SP 800-61
 

 

3/27/2020 12:09:56 PM