Presidential Policy Directive (PPD) 41

This directive provides a set of overarching principles and a coordinating architecture to guide the Federal Government's response to significant cyber incidents.

The term "cyber incident" as used in this directive means: An event occurring on or conducted through a computer network that actually or imminently jeopardizes the confidentiality, integrity, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon.

The term "significant cyber incident" as used in this directive means: A cyber incident that is (or a group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interest, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

The Five Principles of Incident Response

In carrying out cyber incident response activities, the following five principles will serve as guidelines to the Federal Government:

Shared Responsibility - Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.

Risk-Based Response - The Federal Government will determine its response actions and resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

Respecting Affected Entities - Federal Government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.

Unity of Effort - Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.

Enabling Restoration and Recovery - Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.