CSMS 60261003·Operational·April 19, 2024·View on csms.cbp.gov ↗

CBP Provides Guidance on Reporting Indicators of Compromise Related to Cyberattacks

Plain-English explanation

CSMS 60261003 is a U.S. Customs and Border Protection (CBP) Cargo Systems Messaging Service bulletin (operational), published on April 19, 2024. It carries the official CBP guidance brokers and importers must follow for the topic — "CBP Provides Guidance on Reporting Indicators of Compromise Related to Cyberattacks". CSMS messages are the operational layer between Commerce determinations and at-the-border collections: when Commerce publishes a new rate, scope ruling, or instruction, CBP turns it into a CSMS that ACE/ACS systems and brokers act on.

Message body

Full text as published by U.S. Customs and Border Protection

CSMS # 60261003 - CBP Provides Guidance on Reporting Indicators of Compromise Related to Cyberattacks U.S. Customs and Border Protection sent this bulletin at 04/19/2024 12:07 PM EDT Cargo Systems Messaging Service CSMS # 60261003 - CBP Provides Guidance on Reporting Indicators of Compromise Related to Cyberattacks In March 2024, U.S. Customs and Border Protection (CBP) released guidance on best practices for members of industry to report relevant information to the agency in the event of a cyber-attack. The guidance encourages industry to report indicators of compromise to CBP so that the agency can limit the impact of a cyber-attack and more quickly reconnect CBP systems access for impacted parties. The resource highlights the importance of reporting indicators of compromise, or IOCs, to CBP, identifying several common IOCs and how to report them. IOCs are forensic evidence of a network breach – such as unusual network traffic or anomalies in user activity − that can provide insight into attack methods and trends which, in turn, inform prevention, mitigation, and response measures for future incidents. Recognizing and reporting IOCs also helps protect CBP and industry systems from malware. You can access this new guidance document, as well as other documents and guidance on cyber incidents, at CBP’s Trade Cybersecurity website . Questions about cyber incident reporting can be directed to cbpsoc@cbp.dhs.gov . Final IOC Slick Sheet_Formatted Design and 508_03.28.24.pdf Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page . You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com . This service is provided to you at no charge by U.S. Customs and Border Protection . Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes. Powered by Privacy Policy | Cookie Statement | Help

Frequently asked questions

What is CSMS 60261003?

CSMS 60261003 is a U.S. Customs and Border Protection (CBP) Cargo Systems Messaging Service bulletin titled "CBP Provides Guidance on Reporting Indicators of Compromise Related to Cyberattacks". CSMS bulletins are the operational instructions CBP issues to brokers, importers, and ACE filers covering rate changes, system updates, scope guidance, and other day-to-day customs-operations changes.

When was CSMS 60261003 published?

CBP published CSMS 60261003 on April 19, 2024. The bulletin's instructions are typically operative as of the publication date unless the body specifies a different effective date.

Is the CBP CSMS the legally binding instruction?

Yes — for at-the-border filing and entry collection. CSMS messages translate Commerce's Federal Register determinations into operational CBP instructions that ACE/ACS systems and brokers execute. The Federal Register notice is the underlying legal authority; the CSMS is the operational implementation. Both should be read together when reconciling a rate or scope change.

Learn more

Tandom guides relevant to CBP CSMS messages

Subscribe to and triage CBP CSMS messages

How to subscribe to CBP Cargo Systems Messaging Service and triage the messages that change broker filing behavior, without losing the ones that matter.

Open resource

Real-time alerts when a CSMS message changes a duty rate

Set up alerts when a CBP CSMS message changes a duty rate on an HTS code you depend on. Built for brokers, forwarders, and importer compliance teams.