The CERT-In Directions of April 2022 require reporting of specified incident categories within six hours of detection. In practice this is rarely the hard part — most mature SOCs can draft a report in well under that window once an incident is confirmed.
The harder problem is time-to-detect and time-to-confirm. A six-hour reporting clock is only achievable if triage, escalation and confirmation happen inside a much smaller window — typically under an hour for anything in scope. That is a staffing and runbook question: L1 triage criteria, L2 escalation thresholds, and a pre-approved communication path to the CISO and compliance team, rehearsed rather than improvised.
SOC-CMM's "Process" and "Services" domains are useful here because they force the question most organisations skip: not "do we have an incident response plan", but "how long, measured, does it take us to move an alert from raised to confirmed".