Peerless Post | Peerless Tech Solutions

DoD Retires DIBNet: Introducing the New ICF Reporting Portal

Written by Ismail McCowin (Director of Cybersecurity & Compliance) | June 13, 2025

The Department of Defense (DoD) officially launched its new Incident Collection Format (ICF) submission process on Friday, June 6, 2025. This critical update impacts all members of the Defense Industrial Base (DIB) and any contractors handling Controlled Unclassified Information (CUI) under DFARS 252.204-7012.

Whether you're a cybersecurity lead, compliance officer, or contract program manager, understanding this new process is essential to maintaining compliance with DoD cyber incident reporting requirements.

What’s Changing?

If you are processing CUI, according to DFARS 7012, all cyber incidents must be reported within 72 hours. Previously, these incidents were reported to the DIBnet. However, effective June 6, 2025, the former DIBnet portal (dibnet.dod.mil) has been decommissioned.

What Does This Mean for My Business?

All contractors, organizations, and entities that store, process, and transmit CUI should change their Incident Response Policy and Plan to reflect this change. If your team needs help updating documentation, Peerless provides fully editable Policy Templates mapped to all 110 NIST 800-171 controls—included with our Comprehensive Gap Assessments or available for individual purchase.

Cyber incident report submissions are no longer made through a web form, organizations are now required to:

  1. Submit ICFs through a new portal at dcise.cert.org,
  2. Download the resulting ICF XML file, and
  3. Securely transmit that file to DC3 via encrypted email or DoD SAFE.

Updated ICF Submission Flow

Step 1: Redirect from DIBNet

IMPORTANT NOTE: A DoD-Approved Medium Assurance Certificate — such as a Common Access Card (CAC) or External Certificate Authority (ECA) — is required to access the new ICF reporting website (https://icf.dcise.cert.org/).

To obtain a DoD-approved Medium Assurance Certificate, please click here and/or contact your Contracting Officer (CO) or Contracting Officer Representative (COR). 

If you have a CAC or ECA, continue with Steps 2 through 4. If not, go to Step 5.

Step 2: Visit New ICF Portal

Step 3: Complete ICF

Fill out the ICF form in the web portal and download the generated files, which include:

  • ICF XML file
  • Submission instructions
  • DC3 DCISE contact card (.vcf)
    Note: This step only creates the report. You must still submit it via a secure method.

Step 4: Submit to DC3

 Option A: Submit your ICF via Encrypted Email

  1. Open your email client and load the DCISE contact card (it contains the encryption certificate).
  2. Create an email with the following information:
     
    1. To: dcise@us.af.mil
    2. Subject: “ICF Submission for [COMPANY NAME]”
    3. Attach: the ICF XML file
  3. Ensure encryption is enabled.
  4. Send email to DC3.

Option B: If you are having problems encrypting your email

  1. Email dcise@us.af.mil and request a DoD SAFE Drop-Off link.
  2. Upload the ICF XML file through the provided link.

Once received, DC3 will assign an incident number and return the ICF report in .txt format for your records.

Step 5: You don’t have a DoD-Approved Medium Assurance Certificate

  1. If you cannot access the ICF portal, you must contact DC3 directly.
  2. Please email dcise@us.af.mil or call the DoD-Defense Industrial Base Collaborative Information Sharing Environment (DICISE) hotline at 410-981-0104 or 1-877-838-2174 for further assistance.

Please review the DC3 brochure with more information about mandatory incident reporting here.

Access Issues

Some users may experience trouble accessing icf.dcise.cert.org due to:

  • CAC/ECA auth conflicts (especially from non-.mil domains)
  • Web proxies or browser isolation settings

If so, work with your IT administrators to allow traffic to icf.dcise.cert.org or try accessing from inside your corporate network.

Contact Information

Final Takeaways

  • All organizations subject to DFARS 7012 must immediately adopt this new workflow.
  • Failure to follow this process could result in non-compliance, impacting contract eligibility.

At Peerless Tech Solutions, we help clients update their Incident Response Plans (IRPs) and train their teams on incident response reporting.

We also provide fully editable NIST 800-171 Policy Templates, mapped directly to all 110 controls, to help clients stay audit-ready and compliant. These are included with every Comprehensive Gap Assessment and are also available for purchase a la carte.

That’s why Peerless offers Compliance Maintenance and Consulting as an add-on or follow-up to our Gap Assessments—ensuring clients receive continued support as requirements evolve.

Need help updating your current policies or want to review the template set? Reach out to our compliance team here.

Don’t get caught out of compliance due to a change you didn’t know about. Call Peerless today!
View full post