The key word in the definition is “potential.”  We also call it an “Indicator of Compromise” or IoC.

The “potential” part is wherever Confidentiality, Integrity, or Availability of the system may indicate a compromise.

The firewall or your End Point Protection software blocking malware or stopping a user from going to malicious site is not an IoC and does not need to be reported.

Remember, you need to report an Incident with 72 hours to DC3.

For more information about our Incident Response Services, please go to our CMMC Incident Response page.