DIBNet

DIBNet is the Department of Defense's cyber incident reporting portal for the Defense Industrial Base. Under DFARS 252.204-7012, defense contractors are required to report any cyber incident affecting Controlled Unclassified Information (CUI) or the contractor's covered information system within 72 hours of discovery.

The report is submitted through the DIBNet portal at dibnet.dod.mil and requires specific information about the incident, the affected system, the nature of the compromise, and the contractor's initial response. Contractors must also preserve and protect compromised media for at least 90 days to support potential DoD forensic analysis.

The 72-hour reporting requirement is one of the most operationally significant elements of DFARS 252.204-7012. A C3PAO assessor will ask to see your incident response plan and walk through the DIBNet reporting workflow during a Level 2 assessment.