What does IR 6/7 require?

IR 6/7 centers on how incidents are reported and tracked across the agency and with the national CSIRT. The strongest answer requires establishing both a primary and a secondary point of contact with US-CERT so there’s always a reachable channel during an incident. It also mandates reporting every incident to US-CERT, not just a subset, to ensure timely visibility and sharing of indicators and lessons learned. In addition, it calls for internally documenting the corrective actions taken and assessing their impact, creating a verifiable record for accountability and improvement. The combination of having designated POCs with US-CERT, the obligation to report all incidents, and the internal documentation of actions and impact reflects a complete, traceable incident handling and reporting process. The other options omit one or more of these essential elements, such as external reporting, multiple contact points, or internal documentation alone, which is why they aren’t as comprehensive.