In Federal Agency Incident Reporting Categories, which category corresponds to Malicious Code?

Incidents are categorized to standardize reporting and guide how agencies respond, communicate risk, and allocate resources. Malicious code refers to malware such as viruses, worms, Trojan programs, or ransomware that executes code to harm or take control of a system. In the Federal Agency Incident Reporting Categories, this type of malware-driven event is placed in CAT 3. Labeling malware events as CAT 3 helps responders recognize that the incident involves malicious software and requires typical malware handling steps—containment, eradication, and recovery—while clarifying the nature of the threat for coordination with other teams. Other incident types, like unauthorized access or data exposure, belong in different categories, so categorizing Malicious Code as CAT 3 keeps the taxonomy aligned with the actual risk and response actions involved.