GovCERT Austria is responsible for taking receipt of reports on risks, incidents and security incidents in the context of public administrative bodies (Section 22 para 2 and para 3 Network and Information System Security Act – NIS Act).
Reports on risks, incidents and security incidents in the context of public administration can be submitted via the NIS reporting portal:
Pursuant to section 19 para 3 NIS Act, mandatory NIS reports must contain the following:
"The report must contain all relevant information concerning the security incident and the technical framework conditions known at the time of the initial notification, in particular the suspected or actual cause, the information technology affected, the type of facility or installation affected. Information on circumstances relating to the security incident which become known later shall be provided in subsequent notifications and ultimately in a final notification without undue further delay."