I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready With Nits. This document contains advice on using the Incident Object Description Exchange Format (IODEF) to describe incident reports. In contains general guidelines. No security-related issues are addressed; in particular guidance on setting restrictions is avoided. In the security considerations section, the authors point out that this document introduces no new security concerns other than those already addressed in RFC7870 (the IODEF RFC), and reader is referred to RFC7970 for any security questions. I agree with this, and I don’t see any need for making substantive changes. There are a couple of nits though: 1. The sentence at the bottom of page 6, beginning “IODEF implementations SHOULD not consider using their own IODEF extensions unless …” doesn’t parse. I think you can get the meaning you intended by removing the words “”is not a suitable option” at the end. 2. The “Nevertheless” at the beginning of the second sentence of the Security Considerations section is confusing. The second sentence doesn’t contradict the first; it merely elaborates on it. I’d suggest removing the word “Nevertheless.” Cathy Meadows Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil