You work in the SOC of a U.S. federal agency where a data breach has just occurred. Multiple entities might need to be alerted, based on federal incident notification guidelines. However, which external stakeholder must you notify if the confidentiality, integrity, or availability of the system has been compromised?

If the confidentiality, integrity, or availability of a U.S. federal agency’s system has been compromised, you must notify the United States Computer Emergency Readiness Team (US-CERT). US-CERT is the primary federal agency responsible for coordinating responses to cybersecurity incidents in the United States, including those affecting federal agencies. They can provide guidance and assistance in managing and responding to such incidents.

While law enforcement agencies like the FBI may be involved in certain cases, US-CERT is the designated authority for reporting and handling cybersecurity incidents affecting federal agencies. It’s essential to follow the federal incident notification guidelines, and US-CERT plays a central role in that process.