TEMPLATE-STANDARD.md — Report Template Layer (the deliverable → report skeleton)
Template-layer standard. Keep loaded when building or editing report templates. This is a living standard — tweak it as the pattern matures.
Type scope: this standard governs the
(report)component type only — it is the sibling ofPROFILE-STANDARD.md(profile) and future per-type standards. The analytic anatomy below applies to reports, not to plans/designs/profiles/packages.
0. What this layer is
The report-template layer of the deliverable architecture. Each template is the report skeleton for exactly one sellable deliverable — the fixed section structure, all matrices, all headers, with [PLACEHOLDER] fill-ins and short guidance telling the analyst what belongs in each block and to what standard.
Why these exist: the analyst ingests a collection file against the matching template to produce the finished report. The template is the contract. Garbage-resistant structure in, professional IC-grade product out.
1. Altitude (read before writing a single line)
- One template = one deliverable. Standalone and specific to its deliverable. No cross-file “see the shared spine” references — each file is self-contained and complete. Common scaffolding is re-stated per file, not factored out. The network-engagement spine is replicated into each template the same way — its blocks are re-stated in the file, never transcluded; the spine standard is the authoring source, not a runtime include.
- A template is a report skeleton, not a tool list, not a worked example. No live tool names inside the template body. No sample findings — placeholders and guidance only.
- Deliverable-specific, not generic. The body sections (identity, pattern-of-life, network, financial indicators, etc.) and especially the PIRs, matrices, red-flag taxonomy, and recommendations must be tailored to this product. Draw the boundary explicitly against adjacent products (e.g., a Standard Subject Dossier defers full threat scoring to the Subject Threat Assessment, deep network expansion to the Enhanced Deep-Dive).
- When a section feels generic, that is the signal to specialize it or cut it.
2. Required anatomy (every template carries this spine; re-state it in each file)
Front matter → analytic core → body (deliverable-specific) → tradecraft close → annexes.
Front matter
# <DELIVERABLE NAME>title +[SUBJECT / INVESTIGATION TITLE]line.- Document Control table: Report Reference
[REF-YYYY-###], Date, Classification/Handling, Client, Requesting Party, Prepared By, Reviewed By, Approving Officer, Version, Distribution. - Handling & Legal Caveat block: classification/TLP marking + permissible-purpose / non–consumer-report disclaimer (FCRA) + privacy/data-protection note (GDPR/CCPA as applicable) + attorney-client/work-product line where relevant.
- Subject/Engagement Snapshot card (one-glance key facts).
- Table of Contents (numbered; page numbers populate on export to Word/PDF).
Analytic core (always, in this order)
- BLUF — 2–3 sentences: most critical finding first, overall assessment, recommended action.
- Executive Summary — triggering requirement/background; scope (in/out); narrative of key findings.
- Key Judgments — table with likelihood and analytic confidence as separate columns (never combined — ICD 203), plus a change-indicator (“what would shift this judgment”) column.
- Priority Intelligence Requirements (PIRs) — per-PIR answer/evidence/confidence + a PIR summary matrix. PIRs are the collection-management spine (PIR → Indicator → SIR → source; EEI = Joint synonym only, Army-removed 2019).
Body — deliverable-specific sections (the mission TOC). This is where templates differ from each other.
Tradecraft close (always)
- Verified Findings Summary (status: verified / unverified / contradicted; confidence; materiality).
- Red Flag / Notable Indicators (flag table + type definitions + severity rollup).
- Analysis of Competing Hypotheses (ACH) on the central judgment(s) — evidence for/against each hypothesis.
- Key Assumptions Check (KAC) — assumption, basis, confidence, impact-if-wrong.
- Collection Gaps & RFIs — gap, impact on assessment, recommended collection, priority.
- Recommendations — for named stakeholder groups + prioritized next investigative actions (LOE/resources).
Annexes (always)
- Sources & Methodology — collection methods; source register graded with the Admiralty two-axis code; the reference scales (below); statement of the likelihood-vs-confidence separation.
- Appendices — identifier/entity index, full source register, evidence archive & chain-of-custody pointer, glossary, revision history.
- End-of-report block + verification disclaimer + document-control footer.
3. Mandatory matrices & scales (reproduce verbatim in the methodology annex of every template)
These are the standardized analytic doctrine. Use these, not ad-hoc HIGH/MED/LOW alone.
Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.
Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum gets a two-character grade, e.g., B2.)
Information credibility — OSINT 8-band (ATP 2-22.9, Table 2-2) — use for OSINT-discipline products. Keep A–F reliability unchanged; replace the 6-band credibility axis with the doctrinal 8-band content-credibility scale: 1 Confirmed · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Misinformation (unintentionally false) · 7 Deception (deliberately false) · 8 Cannot be judged. Bands 1–5 carry the existing Admiralty wording; 6–8 are the ATP 2-22.9 additions that grade mis- and dis-information distinctly — the open-source failure mode. New sources default to F/8. (Anchor: “6 Misinformation | Unintentionally false… 7 Deception | Deliberately false… 8 Cannot be judged” — ATP 2-22.9 Table 2-2.)
Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%). Use a single term set per product; numeric point/range may be layered on.
Analytic confidence (evidence base, kept separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single/uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.
Risk scoring (where a product quantifies risk): Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.
Identity-resolution confidence (person products): Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated — disambiguation is explicit, never assumed.
4. Format conventions
- One markdown file per deliverable. Proper markdown headings (
#/##/###), markdown tables for every matrix. [BRACKETED CAPS]= a value the analyst fills in. Italic line under a header = guidance on what belongs there and the standard to meet. No prose findings, no sample data.- Numbered top-level sections (
## 1. …). TOC mirrors them; note that page numbers populate on export. - Keep the file pristine and import-clean. Explanation/justification goes in chat, not in the file.
5. Analytic & tradecraft standards baked in
- ICD 203 floor: objectivity; independence from policy/client-preferred conclusions; distinguish reporting from analyst assumptions/judgments; explain uncertainty drivers and change indicators; proper sourcing (ICD 206); consistency and logical argumentation.
- Calibrated estimative probability layered on the lexicon where the product supports it (numeric ranges, base-rate anchored).
- Likelihood (event) and confidence (evidence base) always separated.
- Admiralty grading on every sourced datum; Quality-of-Information Check reflected in the source register.
- SATs present by default: ACH + Key Assumptions Check on every product; premortem/devil’s-advocate where the judgment is high-stakes.
- Collection management: PIR → Indicator → SIR → source, with gaps closed as RFIs (EEI = Joint synonym only; Army removed EEI in 2019).
- Tool reality / verification: never assert a live tool or current fact inside a template; templates are tool-agnostic skeletons.
5a. Doctrinal Grounding layer (additive — the §2 anatomy and §3 matrices stand)
Grounds a template not just in cross-cutting analytic tradecraft (ICD-203/Admiralty/SATs) but in the governing doctrine of its capability. Additive: the existing analytic anatomy is the “produce” output and is preserved; this layer grounds everything upstream of it. Governed by the network-engagement spine and the doctrine crosswalk.
5a.1 The “Doctrinal Basis” requirement (cite)
Frontmatter (additive fields):
governing_authority:— the real authority per the crosswalk row (a military pub where one lawfully applies; else the named civilian standard). Declaring this field opts the template into the grounding gate (§5a requires the Doctrinal Basis annex).doctrine_basis:— the pubs + anchors the template imports.network_framework:/environment_framework:— the lenses activated (e.g.[cfa, sna]/[pmesii-pt, ascope, oakoc]).product_category:— I&W | current | estimative | target | S&T | CI | GMI (ATP 2-22.9 Table 4-1), mapping the firm’s monitor/assess/act modes to doctrinal product types.
The “Doctrinal Basis & Method” annex (inside the Sources & Methodology annex): names the governing authority, the imported doctrine constructs with anchors, and — for FULL/PARTIAL/GAP transparency — states explicitly where method is doctrine-derived vs. where authority is a civilian standard.
5a.2 The network-engagement spine integration (restructure)
Report templates import the spine blocks appropriate to the product: entity products carry blocks 1–4, 6–8 (block 5, meta-network/fragmentation, is scope-dependent — add it only where network scale warrants); framework products carry the spine inside IPOE Step 3. The CFA matrix and the Action Framework (lawful-effects) lanes become real sections, not citations. The lawful-effects keystone is mandatory: “neutralize” is rendered to ≥1 lawful effect (deterrence/hardening · legal process · LE referral · relationship management · de-escalation · isolation), each with a named legal authority + owner — and the token never appears as an unqualified action verb.
5a.3 The OSINT four extensions (FULL-band, OSINT-discipline only)
Grounded in ATP 2-22.9, applied upstream of the preserved analytic anatomy:
- Credibility scale → 8-band (§3 above). Keep A–F reliability; default new sources F/8.
- Process phasing. Relabel Sources & Methodology to the doctrinal Plan → Prepare → Collect → Produce (1-9) and embed the 4-step collection sequence (3-3) as a Collection Plan matrix (Requirement → Type → Open Source → Technique) with a standing caveat that only open/publicly-available techniques were used (technical/human/clandestine acquisition is “not assigned to OSINT”).
- Source-evaluation rigor. Add a Source-Role column (Primary/Secondary/Authoritative/Non-authoritative — 4-10) and a six-factor Source Evaluation Worksheet (Identity/Authority/Motive/Access/Timeliness/Consistency — 4-13) feeding the grades; a Media Source Analysis sub-section (control/structure/content; manifest vs. latent — 4-21) for media-derived products.
- Collection-OPSEC & legal frontmatter. A non-attribution/footprint-minimization field (App B: research “could unintentionally reveal CCIRs”) + a lawful-open-source compliance caveat (publicly-available only; least-intrusive-means; copyright/fair-use; the open-source boundary 1-2).
5a.4 The Bazzell practitioner layer (method, never authority)
Execution workflows (triage, knolling, selector→pivot, tiered source sequencing, broker-removal register, de-index-before-content, monitoring cadence) are cited as named practitioner methods, never as governing authority. No decayed tool/URL/broker brand names in the template body (they live in a separate dated reference dataset). Privacy/disinformation and legal-escalation levers carry a non-attorney caveat and route grey-area actions to counsel.
5a.5 Coverage-band rule (which grounding applies)
Read the discipline’s doctrine crosswalk row first:
- FULL — cite the Army/Joint pub as governing authority; the four OSINT extensions apply to OSINT products.
- PARTIAL — the NE/IPB spine governs method; cite a named civilian standard as the governing authority (e.g. USSS/ATAP/WAVR-21 for protective intelligence).
- GAP — cite the external standard (NIST/ASIS/PSC.1/ISO); the NE spine is an analytic lens only, not authority.
- Across all bands: govern METHOD by doctrine, never import AUTHORITY; military collection authorities never transfer.
6. Scope & altitude-appropriate spine
This standard governs (report) deliverables only. (plan), (retained service), and (system) deliverables are a different artifact class with their own standards — confirm a deliverable is genuinely a report (not a mis-tagged plan/design/program) before building its template.
Altitude-appropriate spine: the §2 anatomy is the default for analytic products. Operational products (e.g., skip-trace) adapt it — keep BLUF, graded sources, the product’s core confidence artifact, gaps, methodology, legal caveat; drop SAT apparatus (KJ table / ACH / KAC / premortem) that would be generic ceremony. Specialize or cut, never pad.