TEMPLATE-STANDARD.md — Report Template Layer (the deliverable → report skeleton)

Template-layer standard. Keep loaded when building or editing report templates. This is a living standard — tweak it as the pattern matures.

Type scope: this standard governs the (report) component type only — it is the sibling of PROFILE-STANDARD.md (profile) and future per-type standards. The analytic anatomy below applies to reports, not to plans/designs/profiles/packages.


0. What this layer is

The report-template layer of the deliverable architecture. Each template is the report skeleton for exactly one sellable deliverable — the fixed section structure, all matrices, all headers, with [PLACEHOLDER] fill-ins and short guidance telling the analyst what belongs in each block and to what standard.

Why these exist: the analyst ingests a collection file against the matching template to produce the finished report. The template is the contract. Garbage-resistant structure in, professional IC-grade product out.


1. Altitude (read before writing a single line)

  • One template = one deliverable. Standalone and specific to its deliverable. No cross-file “see the shared spine” references — each file is self-contained and complete. Common scaffolding is re-stated per file, not factored out. The network-engagement spine is replicated into each template the same way — its blocks are re-stated in the file, never transcluded; the spine standard is the authoring source, not a runtime include.
  • A template is a report skeleton, not a tool list, not a worked example. No live tool names inside the template body. No sample findings — placeholders and guidance only.
  • Deliverable-specific, not generic. The body sections (identity, pattern-of-life, network, financial indicators, etc.) and especially the PIRs, matrices, red-flag taxonomy, and recommendations must be tailored to this product. Draw the boundary explicitly against adjacent products (e.g., a Standard Subject Dossier defers full threat scoring to the Subject Threat Assessment, deep network expansion to the Enhanced Deep-Dive).
  • When a section feels generic, that is the signal to specialize it or cut it.

2. Required anatomy (every template carries this spine; re-state it in each file)

Front matter → analytic core → body (deliverable-specific) → tradecraft close → annexes.

Front matter

  • # <DELIVERABLE NAME> title + [SUBJECT / INVESTIGATION TITLE] line.
  • Document Control table: Report Reference [REF-YYYY-###], Date, Classification/Handling, Client, Requesting Party, Prepared By, Reviewed By, Approving Officer, Version, Distribution.
  • Handling & Legal Caveat block: classification/TLP marking + permissible-purpose / non–consumer-report disclaimer (FCRA) + privacy/data-protection note (GDPR/CCPA as applicable) + attorney-client/work-product line where relevant.
  • Subject/Engagement Snapshot card (one-glance key facts).
  • Table of Contents (numbered; page numbers populate on export to Word/PDF).

Analytic core (always, in this order)

  1. BLUF — 2–3 sentences: most critical finding first, overall assessment, recommended action.
  2. Executive Summary — triggering requirement/background; scope (in/out); narrative of key findings.
  3. Key Judgments — table with likelihood and analytic confidence as separate columns (never combined — ICD 203), plus a change-indicator (“what would shift this judgment”) column.
  4. Priority Intelligence Requirements (PIRs) — per-PIR answer/evidence/confidence + a PIR summary matrix. PIRs are the collection-management spine (PIR → Indicator → SIR → source; EEI = Joint synonym only, Army-removed 2019).

Body — deliverable-specific sections (the mission TOC). This is where templates differ from each other.

Tradecraft close (always)

  • Verified Findings Summary (status: verified / unverified / contradicted; confidence; materiality).
  • Red Flag / Notable Indicators (flag table + type definitions + severity rollup).
  • Analysis of Competing Hypotheses (ACH) on the central judgment(s) — evidence for/against each hypothesis.
  • Key Assumptions Check (KAC) — assumption, basis, confidence, impact-if-wrong.
  • Collection Gaps & RFIs — gap, impact on assessment, recommended collection, priority.
  • Recommendations — for named stakeholder groups + prioritized next investigative actions (LOE/resources).

Annexes (always)

  • Sources & Methodology — collection methods; source register graded with the Admiralty two-axis code; the reference scales (below); statement of the likelihood-vs-confidence separation.
  • Appendices — identifier/entity index, full source register, evidence archive & chain-of-custody pointer, glossary, revision history.
  • End-of-report block + verification disclaimer + document-control footer.

3. Mandatory matrices & scales (reproduce verbatim in the methodology annex of every template)

These are the standardized analytic doctrine. Use these, not ad-hoc HIGH/MED/LOW alone.

Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.

Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum gets a two-character grade, e.g., B2.)

Information credibility — OSINT 8-band (ATP 2-22.9, Table 2-2) — use for OSINT-discipline products. Keep A–F reliability unchanged; replace the 6-band credibility axis with the doctrinal 8-band content-credibility scale: 1 Confirmed · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Misinformation (unintentionally false) · 7 Deception (deliberately false) · 8 Cannot be judged. Bands 1–5 carry the existing Admiralty wording; 6–8 are the ATP 2-22.9 additions that grade mis- and dis-information distinctly — the open-source failure mode. New sources default to F/8. (Anchor: “6 Misinformation | Unintentionally false… 7 Deception | Deliberately false… 8 Cannot be judged” — ATP 2-22.9 Table 2-2.)

Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%). Use a single term set per product; numeric point/range may be layered on.

Analytic confidence (evidence base, kept separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single/uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.

Risk scoring (where a product quantifies risk): Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Identity-resolution confidence (person products): Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated — disambiguation is explicit, never assumed.


4. Format conventions

  • One markdown file per deliverable. Proper markdown headings (#/##/###), markdown tables for every matrix.
  • [BRACKETED CAPS] = a value the analyst fills in. Italic line under a header = guidance on what belongs there and the standard to meet. No prose findings, no sample data.
  • Numbered top-level sections (## 1. …). TOC mirrors them; note that page numbers populate on export.
  • Keep the file pristine and import-clean. Explanation/justification goes in chat, not in the file.

5. Analytic & tradecraft standards baked in

  • ICD 203 floor: objectivity; independence from policy/client-preferred conclusions; distinguish reporting from analyst assumptions/judgments; explain uncertainty drivers and change indicators; proper sourcing (ICD 206); consistency and logical argumentation.
  • Calibrated estimative probability layered on the lexicon where the product supports it (numeric ranges, base-rate anchored).
  • Likelihood (event) and confidence (evidence base) always separated.
  • Admiralty grading on every sourced datum; Quality-of-Information Check reflected in the source register.
  • SATs present by default: ACH + Key Assumptions Check on every product; premortem/devil’s-advocate where the judgment is high-stakes.
  • Collection management: PIR → Indicator → SIR → source, with gaps closed as RFIs (EEI = Joint synonym only; Army removed EEI in 2019).
  • Tool reality / verification: never assert a live tool or current fact inside a template; templates are tool-agnostic skeletons.

5a. Doctrinal Grounding layer (additive — the §2 anatomy and §3 matrices stand)

Grounds a template not just in cross-cutting analytic tradecraft (ICD-203/Admiralty/SATs) but in the governing doctrine of its capability. Additive: the existing analytic anatomy is the “produce” output and is preserved; this layer grounds everything upstream of it. Governed by the network-engagement spine and the doctrine crosswalk.

5a.1 The “Doctrinal Basis” requirement (cite)

Frontmatter (additive fields):

  • governing_authority: — the real authority per the crosswalk row (a military pub where one lawfully applies; else the named civilian standard). Declaring this field opts the template into the grounding gate (§5a requires the Doctrinal Basis annex).
  • doctrine_basis: — the pubs + anchors the template imports.
  • network_framework: / environment_framework: — the lenses activated (e.g. [cfa, sna] / [pmesii-pt, ascope, oakoc]).
  • product_category: — I&W | current | estimative | target | S&T | CI | GMI (ATP 2-22.9 Table 4-1), mapping the firm’s monitor/assess/act modes to doctrinal product types.

The “Doctrinal Basis & Method” annex (inside the Sources & Methodology annex): names the governing authority, the imported doctrine constructs with anchors, and — for FULL/PARTIAL/GAP transparency — states explicitly where method is doctrine-derived vs. where authority is a civilian standard.

5a.2 The network-engagement spine integration (restructure)

Report templates import the spine blocks appropriate to the product: entity products carry blocks 1–4, 6–8 (block 5, meta-network/fragmentation, is scope-dependent — add it only where network scale warrants); framework products carry the spine inside IPOE Step 3. The CFA matrix and the Action Framework (lawful-effects) lanes become real sections, not citations. The lawful-effects keystone is mandatory: “neutralize” is rendered to ≥1 lawful effect (deterrence/hardening · legal process · LE referral · relationship management · de-escalation · isolation), each with a named legal authority + owner — and the token never appears as an unqualified action verb.

5a.3 The OSINT four extensions (FULL-band, OSINT-discipline only)

Grounded in ATP 2-22.9, applied upstream of the preserved analytic anatomy:

  1. Credibility scale → 8-band (§3 above). Keep A–F reliability; default new sources F/8.
  2. Process phasing. Relabel Sources & Methodology to the doctrinal Plan → Prepare → Collect → Produce (1-9) and embed the 4-step collection sequence (3-3) as a Collection Plan matrix (Requirement → Type → Open Source → Technique) with a standing caveat that only open/publicly-available techniques were used (technical/human/clandestine acquisition is “not assigned to OSINT”).
  3. Source-evaluation rigor. Add a Source-Role column (Primary/Secondary/Authoritative/Non-authoritative — 4-10) and a six-factor Source Evaluation Worksheet (Identity/Authority/Motive/Access/Timeliness/Consistency — 4-13) feeding the grades; a Media Source Analysis sub-section (control/structure/content; manifest vs. latent — 4-21) for media-derived products.
  4. Collection-OPSEC & legal frontmatter. A non-attribution/footprint-minimization field (App B: research “could unintentionally reveal CCIRs”) + a lawful-open-source compliance caveat (publicly-available only; least-intrusive-means; copyright/fair-use; the open-source boundary 1-2).

5a.4 The Bazzell practitioner layer (method, never authority)

Execution workflows (triage, knolling, selector→pivot, tiered source sequencing, broker-removal register, de-index-before-content, monitoring cadence) are cited as named practitioner methods, never as governing authority. No decayed tool/URL/broker brand names in the template body (they live in a separate dated reference dataset). Privacy/disinformation and legal-escalation levers carry a non-attorney caveat and route grey-area actions to counsel.

5a.5 Coverage-band rule (which grounding applies)

Read the discipline’s doctrine crosswalk row first:

  • FULL — cite the Army/Joint pub as governing authority; the four OSINT extensions apply to OSINT products.
  • PARTIAL — the NE/IPB spine governs method; cite a named civilian standard as the governing authority (e.g. USSS/ATAP/WAVR-21 for protective intelligence).
  • GAP — cite the external standard (NIST/ASIS/PSC.1/ISO); the NE spine is an analytic lens only, not authority.
  • Across all bands: govern METHOD by doctrine, never import AUTHORITY; military collection authorities never transfer.

6. Scope & altitude-appropriate spine

This standard governs (report) deliverables only. (plan), (retained service), and (system) deliverables are a different artifact class with their own standards — confirm a deliverable is genuinely a report (not a mis-tagged plan/design/program) before building its template.

Altitude-appropriate spine: the §2 anatomy is the default for analytic products. Operational products (e.g., skip-trace) adapt it — keep BLUF, graded sources, the product’s core confidence artifact, gaps, methodology, legal caveat; drop SAT apparatus (KJ table / ACH / KAC / premortem) that would be generic ceremony. Specialize or cut, never pad.