As per the New York State Information Security Policy, State government entities must notify the Cyber Incident Response Team (CIRT) of any cyber incident which may have a significant or severe impact on operations or security, or which involves digital forensics, to ensure proper incident response procedures, coordination and oversight.
Notification should include as much of the information contained on the following form as possible:
PLEASE NOTE: This form must be encrypted if it contains sensitive information and is emailed to the CIRT. You may send the Incident Notification Report to the CIRT through the New York State Secure Portal (for members only) or consider using the CIRT's PGP public key available below.
This key should be used to encrypt all sensitive information sent to the CIRT.
PLEASE NOTE: Effective November 20, 2013, the CIRT has changed its public key. For communications requiring public key encryption, please make sure this key is in your key ring.