Major Incident

A breach constitutes a "Major Incident" when either:
a. Any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States, or to the public confidence, civil liberties, or public health and safety of the American people.4 Agencies should determine the level of impact of the incident by using the existing incident management process established in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, Computer Security Incident Handling Guide, OR,
b. A breach that involves personally identifiable information (PII) that, if exfiltrated, modified, deleted, or otherwise compromised, is likely to result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States, or to the public confidence, civil liberties, or public health and safety of the American people.5
In terms of a numeric threshold, the DOE SAOP will consider the character of the PII and the circumstances of the breach in making this determination, particularly where Sensitive PII (as defined below) is involved. Accordingly, in some instances breaches impacting fewer than 100,000 individuals may constitute a Major Incident. Additionally, breaches of Sensitive PII of individuals approaching or exceeding the 100,000 individual threshold may be a Major Incident even if there is no direct evidence of unauthorized access, deletion, or access.

A major incident is:

(1) Any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States, or to the public confidence, civil liberties, or public health and safety of the American people. DOE should determine the level of impact of the incident by using the existing incident management process established in The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, Computer Security Incident Handling Guide; or

(2) A breach that involves PII that, if exfiltrated, modified, deleted, or otherwise compromised, is likely to result in demonstratable harm to the national security interests, foreign relations, or the economy of the United States, or to the public confidence, civil liberties, or public health and safety of the American people.