Doctrine Artifacts

Playbooks & Folders that drive decisions

Standardized artifacts — Playbooks, RIF/Target Folders, Mission Folders, and Net Assessments — give analysts and command a shared language and fast, auditable outputs.

ScopePre-attack → ResponseAll phases
OutputsAdvisories • IAPs • SITREPsIC/UC-ready
GroundingRIFs & PlaybooksCited sources
VersioningYAML/JSONGit-friendly

Playbooks

Preplanned guidance by threat class. Defines EEIs, procedures, and references.

Structure

Threat-class folders

Each playbook directory contains playbook.yaml (metadata), procedures.md, eeis.yaml, and references/.

playbooks/
  chemical/
    playbook.yaml
    procedures.md
    eeis.yaml
    references/...
EEIs

Essential Elements of Information

Sensors, indicators, and data you must confirm — agent type, delivery mechanism, decon status, casualty estimates, etc.

Usage

Before • During • After

Use to prepare, to guide collection during incidents, and to codify lessons learned into doctrine.

RIF / Target Folders

Response Information Folders — site-specific terrain awareness and decision aids.

Contents

What’s inside

Site plans, terrain analysis (OAKOC/KOCOA notes), plume & blast models, vulnerable points and support sites, consequence analysis, info gaps.

rif_target_folders/{jurisdiction}/{site_uid}/
  rif.yaml
  site_plans/
  terrain/
  models/{plume|blast}/
  vulnerability_map/
  consequence_analysis/
Metadata

rif.yaml fields

IDs, owners, last review, linked playbooks, structured lists of maps/models, and tracked information gaps for tasking.

Use in ops

Context for COAs

RIFs anchor IPO, inform COAs, and feed Net Assessments with real venue specifics.

Mission Folders

Incident-specific packages — combine pre-incident prep with live intelligence.

Elements

Template

Situation brief, mission statement, commander’s end state, ROE/constraints, resource matrices, intelligence annex, collection plan, RIF links, maps/photos/IPO, SITREPs, OPFOR & friendly COAs.

Structure

Folder layout

mission_folders/{incident_id}/
  mf.yaml
  intelligence_annex/{collection_plan.md, sitreps/...}
  attachments/{maps_photos, ipo_templates, rif_links}
  coas/{opfor_coas.md, friendly_coas.md}
  resources_matrix.csv
Publishing

IC/UC-ready outputs

Products (Advisories, IAPs, SITREPs) generate directly from Mission Folder + RIFs with citations and redaction by role.

Net Assessments

Decision support focused on scope, magnitude, and consequences.

Focus

Scope → Impact

Threat envelope, chain of events, consequence forecast (including second-order effects), resource posture, and RAMs.

Metadata

na.yaml fields

Incident ID, scope/magnitude, threat envelope, forecast, resource profiles, inputs (RIFs, playbooks, intel), recommended RAMs.

Role

Bridge to action

Published to IC/UC/EOCs as the primary decision brief for consequence mitigation and strategy.

How they relate

Playbooks set the pattern; RIFs ground to place; Mission Folders execute; Net Assessments decide.

1 • Playbooks

Threat-class guidance + EEIs

2 • RIF / Target Folders

Venue specifics & models

3 • Mission Folders

Incident package + COAs

4 • Net Assessment

Decision support → products (Advisories, IAPs, SITREPs)

Download starter files

Playbook/RIF/Mission/Net Assessment templates, JSON schemas, and sample data.

Download See Schemas