Photo Courtesy of [photo credit]
Insert organization logo or seal
here
[Insert Picture of Your Facility]
[Insert Exercise
Name]
After-Action Report /
Improvement Plan
[Insert Date]
The After-Action Report / Improvement Plan (AAR / IP) aligns exercise objectives with
preparedness doctrine to include the National Preparedness Goal and related frameworks and
guidance. Exercise information required for preparedness reporting and trend analysis is
included. Users are encouraged to add additional sections as needed to support their own
organizational needs.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
[Sponsor Organization]
[INSERT CAVEAT]
This page is intentionally left blank
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Exercise Overview 1 [Sponsor Organization]
[INSERT CAVEAT]
EXERCISE OVERVIEW
Exercise Name [Insert Exercise Name] Tabletop Exercise (TTX)
Exercise Dates [Indicate the start and end dates of the exercise]
Scope
This exercise is a TTX planned for [exercise duration] at [exercise location].
Exercise play is limited to [exercise parameters].
Mission Area(s)
Prevention, Protection, Mitigation, Response, and Recovery [Select
Appropriate Mission Areas]
Core
Capabilities
Planning; Public Information and Warning; Operational Coordination;
Intelligence and Information Sharing; Interdiction and Disruption; Screening,
Search, and Detection; Forensics and Attribution; Access Control and
Identity Verification; Supply Chain Integrity and Security; Physical
Protective Measures; Risk Management for Protection Programs and
Activities; Cybersecurity; Community Resilience; Long-Term Vulnerability
Reduction; Risk and Disaster Resilience Assessment; Threats and Hazard
Identification; Infrastructure Systems; Critical Transportation;
Environmental Response / Health and Safety; Public Health, Healthcare, and
Emergency Medical Services; On-Scene Security, Protection, and Law
Enforcement; Mass Search and Rescue Operations; Logistics and Supply
Chain Management; Operational Communications; Mass Care Services;
Situational Assessment; Fatality Management Services; Fire Management
and Suppression; Economic Recovery; Health and Social Services; Housing;
Natural and Cultural Resources [Select Appropriate Core Capabilities]
Objectives
1. [Insert objectives listed in situation manual]
Threat or
Hazard
[Insert Scenario]
Scenario
An interactive, discussion-based exercise focused on [insert scenario
description]. The scenario consists of [insert number] modules: [List module
titles]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Exercise Overview 2 [Sponsor Organization]
[INSERT CAVEAT]
Sponsor
[Insert the name of the sponsor organization, as well as any grant programs
being used, if applicable]
Participating
Organizations
[Insert a brief summary of the total number of participants and participation
level (i.e., Federal, State, local, tribal, non-governmental organizations
(NGOs), private sector, and/or international agencies). Consider including
the full list of participating agencies in Appendix D. Delete Appendix D if
not required.]
Points of
Contact
[Insert the name, title, agency, address, phone number, and email address of
the primary exercise point of contact (e.g., exercise director or exercise
sponsor)]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Analysis of Exercise Objectives 3 [Sponsor Organization]
[INSERT CAVEAT]
ANALYSIS OF EXERCISE OBJECTIVES
The following section provides an overview of performance related to each exercise objective
and associated core capability, highlighting strengths and areas for improvement. The table
below aligns the exercise objectives to core capabilities, providing a consistent framework and
methodology for assessing capabilities across jurisdictions and disciplines.
Objective
Core Capability
[Insert objectives listed in situation manual.]
• [Insert objective-specific core
capabilities listed in situation
manual.]
[Insert objectives listed in situation manual.]
• [Insert objective-specific core
capabilities listed in situation
manual.]
[Insert objectives listed in situation manual.]
• [Insert objective-specific core
capabilities listed in situation
manual.]
[Insert objectives listed in situation manual.]
• [Insert objective-specific core
capabilities listed in situation
manual.]
Table 1. Alignment of Core Capabilities and Exercise Objectives
The following sections provide an overview of the performance related to each exercise
objective and associated core capability, highlighting strengths and areas for improvement.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Analysis of Exercise Objectives 4 [Sponsor Organization]
[INSERT CAVEAT]
This page is intentionally left blank.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 1 5 [Sponsor Organization]
[INSERT CAVEAT]
Objective 1: [Insert Objective 1 from situation manual].
Core Capabilities: [Insert aligned core capabilities from situation manual]
Strengths
The following strengths related to this objective were observed in the exercise: [List as many
major strengths as observed]
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
There is opportunity to improve in the following areas:
Area for Improvement 1: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. If a strength was identified,
include any relevant innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Area for Improvement 2: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 1 6 [Sponsor Organization]
[INSERT CAVEAT]
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 2 7 [Sponsor Organization]
[INSERT CAVEAT]
Objective 2: [Insert Objective 2 from situation manual].
Core Capabilities: [Insert aligned core capabilities from situation manual]
Strengths
The following strengths related to this objective were observed in the exercise: [List as many
major strengths as observed]
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
There is opportunity to improve in the following areas:
Area for Improvement 1: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Area for Improvement 2: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 2 8 [Sponsor Organization]
[INSERT CAVEAT]
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 3 9 [Sponsor Organization]
[INSERT CAVEAT]
Objective 3: [Insert Objective 3 from situation manual].
Core Capabilities: [Insert aligned core capabilities from situation manual]
Strengths
The following strengths related to this objective were observed in the exercise: [List as many
major strengths as observed]
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
There is opportunity to improve in the following areas:
Area for Improvement 1: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Area for Improvement 2: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 3 10 [Sponsor Organization]
[INSERT CAVEAT]
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 4 11 [Sponsor Organization]
[INSERT CAVEAT]
Objective 4: [Insert Objective 4 from situation manual].
Core Capabilities: [Insert aligned core capabilities from situation manual]
Strengths
The following strengths related to this objective were observed in the exercise: [List as many
major strengths as observed]
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
There is opportunity to improve in the following areas:
Area for Improvement 1: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Area for Improvement 2: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Objective 4 12 [Sponsor Organization]
[INSERT CAVEAT]
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix A: Improvement Plan A-1 [Sponsor Organization]
[INSERT CAVEAT]
APPENDIX A: IMPROVEMENT PLAN
This Improvement Plan has been developed specifically for [Organization or Jurisdiction] as a result of [Exercise Name] conducted on
[date of exercise].
1
Capability Elements are: Planning, Organization, Equipment, Training, or Exercise.
Exercise
Objective
Core
Capability
Issue/Area for
Improvement
Corrective Action
Capability
Element
1
Primary
Responsible
Organization
Organization
POC
Start Date
Completion
Date
[Exercise
Objective #1]
[Core
Capability
Name]
1. [Area for
Improvement]
[Corrective Action
1]
[Core
Capability
Name]
[Corrective Action
2]
[Core
Capability
Name]
[Corrective Action
3]
[Core
Capability
Name]
2. [Area for
Improvement]
[Corrective Action
1]
[Core
Capability
Name]
[Corrective Action
2]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix A: Improvement Plan A-2 [Sponsor Organization]
[INSERT CAVEAT]
This page is intentionally left blank.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-1 [Sponsor Organization]
[INSERT CAVEAT]
APPENDIX B: CORE CAPABILITIES
The following excerpts are taken from the U.S. Department of Homeland Security’s National
Preparedness Goal, September 2015. [Remove core capabilities not addressed in this exercise.]
Planning (All Mission Areas)
Definition: Conduct a systematic process engaging the whole community as appropriate in the
development of executable strategic, operational, and/or tactical-level approaches to meet
defined objectives.
Preliminary Target:
1. Identify critical objectives during the planning process, provide a complete and integrated
picture of the sequence and scope of the tasks to achieve the objectives, and ensure the
objectives are implementable within the time frame contemplated within the plan using
available resources for prevention-related plans. (Prevention)
2
2. Develop and execute appropriate courses of action in coordination with local, state, tribal,
territorial, Federal, and private sector entities in order to prevent an imminent terrorist
attack within the United States. (Prevention)
3. Develop protection plans that identify critical objectives based on planning requirements,
provide a complete and integrated picture of the sequence and scope of the tasks to
achieve the planning objectives, and implement planning requirements within the time
frame contemplated within the plan using available resources for protection-related plans.
(Protection)
4. Implement, exercise, and maintain plans to ensure continuity of operations. (Protection)
5. Develop approved hazard mitigation plans that address relevant threats/hazards in
accordance with the results of their risk assessment within all local, state, tribal,
territorial, and Federal partners. (Mitigation)
6. Develop operational plans that adequately identify critical objectives based on the
planning requirement, provide a complete and integrated picture of the sequence and
scope of the tasks to achieve the objectives, and are implementable within the time frame
contemplated in the plan using available resources. (Response)
7. Convene the core of an inclusive planning team (identified pre-disaster), which will
oversee disaster recovery planning. (Recovery)
8. Complete an initial recovery plan that provides an overall strategy and timeline,
addresses all core capabilities, and integrates socioeconomic, demographic, accessibility,
technology, and risk assessment considerations (including projected climate change
impacts), which will be implemented in accordance with the timeline contained in the
plan. (Recovery)
2
Specific mission area added only for those core capabilities which cover more than one mission area.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-2 [Sponsor Organization]
[INSERT CAVEAT]
Public Information and Warning (All Mission Areas)
Definition: Deliver coordinated, prompt, reliable, and actionable information to the whole
community through the use of clear, consistent, accessible, and culturally and linguistically
appropriate methods to effectively relay information regarding any threat or hazard, as well as
the actions being taken and the assistance being made available, as appropriate.
Preliminary Target:
1. Share prompt and actionable messages, to include National Terrorism Advisory System
alerts, with the public and other stakeholders, as appropriate, to aid in the prevention of
imminent or follow-on terrorist attacks, consistent with the timelines specified by existing
processes and protocols. (Prevention)
2. Provide public awareness information to inform the general public on how to identify and
provide terrorism-related information to the appropriate law enforcement authorities,
thereby enabling the public to act as a force multiplier in the prevention of imminent or
follow-on acts of terrorism. (Prevention)
3. Use effective and accessible indication and warning systems to communicate significant
hazards to involved operators, security officials, and the public (including alerts,
detection capabilities, and other necessary and appropriate assets). (Protection)
4. Communicate appropriate information, in an accessible manner, on the risks faced within
a community after the conduct of a risk assessment. (Mitigation)
5. Inform all affected segments of society by all means necessary, including accessible
tools, of critical lifesaving and life-sustaining information to expedite the delivery of
emergency services and aid the public to take protective actions. (Response)
6. Deliver credible and actionable messages to inform ongoing emergency services and the
public about protective measures and other life-sustaining actions and facilitate the
transition to recovery. (Response)
7. Reach all populations within the community with effective actionable recovery-related
public information messaging and communications that are accessible to people with
disabilities and people with limited English proficiency, protect the health and safety of
the affected population, help manage expectations, and ensure stakeholders have a clear
understanding of available assistance and their roles and responsibilities. (Recovery)
8. Support affected populations and stakeholders with a system that provides appropriate,
current information about any continued assistance, steady state resources for long-term
impacts, and monitoring programs in an effective and accessible manner. (Recovery)
Operational Coordination (All Mission Areas)
Definition: Establish and maintain a unified and coordinated operational structure and process
that appropriately integrates all critical stakeholders and supports the execution of core
capabilities.
Preliminary Target:
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-3 [Sponsor Organization]
[INSERT CAVEAT]
1. Execute operations with functional and integrated communications among appropriate
entities to prevent initial or follow-on terrorist attacks within the United States in
accordance with established protocols. (Prevention)
2. Establish and maintain partnership structures among Protection elements to support
networking, planning, and coordination. (Protection)
3. Establish protocols to integrate mitigation data elements in support of operations with
local, state, tribal, territorial, and insular area partners and in coordination with Federal
agencies. (Mitigation)
4. Mobilize all critical resources and establish command, control, and coordination
structures within the affected community and other coordinating bodies in surrounding
communities and across the Nation and maintain as needed throughout the duration of an
incident. (Response)
5. Enhance and maintain command, control, and coordination structures, consistent with the
National Incident Management System (NIMS), to meet basic human needs, stabilize the
incident, and transition to recovery. (Response)
6. Establish tiered, integrated leadership, and inclusive coordinating organizations that
operate with a unity of effort and are supported by sufficient assessment and analysis to
provide defined structure and decision-making processes for recovery activities.
(Recovery)
7. Define the path and timeline for recovery leadership to achieve the jurisdiction’s
objectives that effectively coordinates and uses appropriate local, state, tribal, territorial,
insular area, and Federal assistance, as well as nongovernmental and private sector
resources. This plan is to be implemented within the established timeline. (Recovery)
Intelligence and Information Sharing (Prevention, Protection)
Definition: Provide timely, accurate, and actionable information resulting from the planning,
direction, collection, exploitation, processing, analysis, production, dissemination, evaluation,
and feedback of available information concerning physical and cyber threats to the United States,
its people, property, or interests; the development, proliferation, or use of weapons of mass
destruction (WMDs); or any other matter bearing on U.S. national or homeland security by local,
state, tribal, territorial, Federal, and other stakeholders. Information sharing is the ability to
exchange intelligence, information, data, or knowledge among government or private sector
entities, as appropriate.
Preliminary Target:
1. Anticipate and identify emerging and/or imminent threats through the intelligence cycle.
(Prevention)
2. Share relevant, timely, and actionable information and analysis with local, state, tribal,
territorial, Federal, private sector, and international partners and develop and disseminate
appropriate classified/unclassified products. (Prevention)
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-4 [Sponsor Organization]
[INSERT CAVEAT]
3. Ensure local, state, tribal, territorial, Federal, and private sector partners possess or have
access to a mechanism to submit terrorism-related information and/or suspicious activity
reports to law enforcement. (Prevention)
4. Anticipate and identify emerging and/or imminent threats through the intelligence cycle.
(Protection)
5. Share relevant, timely, and actionable information and analysis with local, state, tribal,
territorial, Federal, private sector, and international partners and develop and disseminate
appropriate classified/unclassified products. (Protection)
6. Provide local, state, tribal, territorial, Federal, and private sector partners with or access
to a mechanism to submit terrorism-related information and/or suspicious activity reports
to law enforcement. (Protection)
Interdiction and Disruption (Prevention, Protection)
Definition: Delay, divert, intercept, halt, apprehend, or secure threats and/or hazards.
Preliminary Target:
1. Maximize our ability to interdict specific conveyances, cargo, and persons associated
with an imminent terrorist threat or act in the land, air, and maritime domains to prevent
entry into the United States or to prevent an incident from occurring in the Nation.
(Prevention)
2. Conduct operations to render safe and dispose of chemical, biological, radiological,
nuclear, and explosive (CBRNE) hazards in multiple locations and in all environments,
consistent with established protocols. (Prevention)
3. Prevent terrorism financial/material support from reaching its target, consistent with
established protocols. (Prevention)
4. Prevent terrorist acquisition of and the transfer of CBRNE materials, precursors, and
related technology, consistent with established protocols. (Prevention)
5. Conduct tactical counterterrorism operations in multiple locations and in all
environments, consistent with established protocols. (Prevention)
6. Deter, detect, interdict, and protect against domestic and transnational criminal and
terrorist activities that threaten the security of the homeland across key operational
activities and critical infrastructure sectors. (Protection)
7. Intercept the malicious movement and acquisition/transfer of CBRNE materials and
related technologies. (Protection)
Screening, Search, and Detection (Prevention, Protection)
Definition: Delay, divert, intercept, halt, apprehend, or secure threats and/or hazards.
Preliminary Target:
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-5 [Sponsor Organization]
[INSERT CAVEAT]
1. Maximize the screening of targeted cargo, conveyances, mail, baggage, and people
associated with an imminent terrorist threat or act using technical, non-technical,
intrusive, or non-intrusive means. (Prevention)
2. Initiate operations immediately to locate persons and networks associated with an
imminent terrorist threat or act. (Prevention)
3. Conduct CBRNE search/detection operations in multiple locations and in all
environments, consistent with established protocols. (Prevention)
4. Screen cargo, conveyances, mail, baggage, and people using information-based and
physical screening technology and processes. (Protection)
5. Detect WMD, traditional, and emerging threats and hazards of concern using:
a. A laboratory diagnostic capability and the capacity for food, agricultural
(plant/animal), environmental, medical products, and clinical samples
b. Bio-surveillance systems
c. CBRNE detection systems
d. Trained healthcare, emergency medical, veterinary, and environmental laboratory
professionals. (Protection)
Forensics and Attribution (Prevention)
Definition: Conduct forensic analysis and attribute terrorist acts (including the means and
methods of terrorism) to their source, to include forensic analysis as well as attribution for an
attack and for the preparation for an attack in an effort to prevent initial or follow-on acts and/or
swiftly develop counter-options.
Preliminary Target:
1. Prioritize physical evidence collection and analysis to assist in preventing initial or
follow-on terrorist acts.
2. Prioritize CBRNE material (bulk and trace) collection and analysis to assist in preventing
initial or follow-on terrorist acts.
3. Prioritize biometric collection and analysis to assist in preventing initial or follow-on
terrorist acts.
4. Prioritize digital media, network exploitation, and cyber technical analysis to assist in
preventing initial or follow-on terrorist acts.
Access Control and Identity Verification (Protection)
Definition: Apply and support necessary physical, technological, and cyber measures to control
admittance to critical locations and systems.
Preliminary Target:
1. Implement and maintain protocols to verify identity and authorize, grant, or deny
physical and cyber access to specific locations, information, and networks.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-6 [Sponsor Organization]
[INSERT CAVEAT]
Cybersecurity (Protection)
Definition: Protect (and if needed, restore) electronic communications systems, information, and
services from damage, unauthorized use, and exploitation.
Preliminary Target:
1. Implement risk-informed guidelines, regulations, and standards to ensure the security,
reliability, integrity, and availability of critical information, records, and communications
systems and services through collaborative cybersecurity initiatives and efforts.
2. Implement and maintain procedures to detect malicious activity and to conduct technical
and investigative-based countermeasures, mitigations, and operations against malicious
actors to counter existing and emerging cyber-based threats, consistent with established
protocols.
Physical Protective Measures (Protection)
Definition: Implement and maintain risk-informed countermeasures, and policies protecting
people, borders, structures, materials, products, and systems associated with key operational
activities and critical infrastructure sectors.
Preliminary Target:
1. Identify, assess, and mitigate vulnerabilities to incidents through the deployment of
physical protective measures.
2. Deploy protective measures commensurate with the risk of an incident and balanced with
the complementary aims of enabling commerce and maintaining the civil rights of
citizens.
Risk Management for Protection Programs and Activities (Protection)
Definition: Identify, assess, and prioritize risks to inform Protection activities, countermeasures,
and investments.
Preliminary Target:
1. Ensure critical infrastructure sectors and Protection elements have and maintain risk
assessment processes to identify and prioritize assets, systems, networks, and functions.
2. Ensure operational activities and critical infrastructure sectors have and maintain
appropriate threat, vulnerability, and consequence tools to identify and assess threats,
vulnerabilities, and consequences.
Supply Chain Integrity and Security (Protection)
Definition: Strengthen the security and resilience of the supply chain.
Preliminary Target:
1. Secure and make resilient key nodes, methods of transport between nodes, and materials
in transit.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-7 [Sponsor Organization]
[INSERT CAVEAT]
Community Resilience (Mitigation)
Definition: Enable the recognition, understanding, communication of, and planning for risk and
empower individuals and communities to make informed risk management decisions necessary
to adapt to, withstand, and quickly recover from future incidents.
Preliminary Target:
1. Maximize the coverage of the U.S. population that has a localized, risk-informed
mitigation plan developed through partnerships across the entire community.
2. Empower individuals and communities to make informed decisions to facilitate actions
necessary to adapt to, withstand, and quickly recover from future incidents.
Long-term Vulnerability Reduction (Mitigation)
Definition: Build and sustain resilient systems, communities, and critical infrastructure and key
resources lifelines so as to reduce their vulnerability to natural, technological, and human-caused
threats and hazards by lessening the likelihood, severity, and duration of the adverse
consequences.
Preliminary Target:
1. Achieve a measurable decrease in the long-term vulnerability of the Nation against
current baselines amid a growing population base, changing climate conditions,
increasing reliance upon information technology, and expanding infrastructure base.
Risk and Disaster Resilience Assessment (Mitigation)
Definition: Assess risk and disaster resilience so that decision makers, responders, and
community members can take informed action to reduce their entity's risk and increase their
resilience.
Preliminary Target:
1. Ensure that local, state, tribal, territorial, and insular area governments and the top 100
Metropolitan Statistical Areas (MSAs) complete a risk assessment that defines localized
vulnerabilities and consequences associated with potential natural, technological, and
human-caused threats and hazards to their natural, human, physical, cyber, and
socioeconomic interests.
Threats and Hazards Identification (Mitigation)
Definition: Identify the threats and hazards that occur in the geographic area; determine the
frequency and magnitude; and incorporate this into analysis and planning processes so as to
clearly understand the needs of a community or entity.
Preliminary Target:
1. Identify the threats and hazards within and across local, state, tribal, territorial, and
insular area governments, and the top 100 MSAs, in collaboration with the whole
community, against a national standard based on sound science.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-8 [Sponsor Organization]
[INSERT CAVEAT]
Infrastructure Systems (Response, Recovery)
Definition: Stabilize critical infrastructure functions, minimize health and safety threats, and
efficiently restore and revitalize systems and services to support a viable, resilient community.
Preliminary Target:
1. Decrease and stabilize immediate infrastructure threats to the affected population, to
include survivors in the heavily-damaged zone, nearby communities that may be affected
by cascading effects, and mass care support facilities and evacuation processing centers
with a focus on life-sustainment and congregate care services. (Response)
2. Re-establish critical infrastructure within the affected areas to support ongoing
emergency response operations, life sustainment, community functionality, and a
transition to recovery. (Response)
3. Provide for the clearance, removal, and disposal of debris. (Response)
4. Formalize partnerships with governmental and private sector cyber incident or emergency
response teams to accept, triage, and collaboratively respond to cascading impacts in an
efficient manner. (Response)
5. Restore and sustain essential services (public and private) to maintain community
functionality. (Recovery)
6. Develop a plan with a specified timeline for redeveloping community infrastructures to
contribute to resiliency, accessibility, and sustainability. (Recovery)
7. Provide systems that meet the community needs while minimizing service disruption
during restoration within the specified timeline in the recovery plan. (Recovery)
Critical Transportation (Response)
Definition: Provide transportation (including infrastructure access and accessible transportation
services) for response priority objectives, including the evacuation of people and animals, and
the delivery of vital response personnel, equipment, and services into the affected areas.
Preliminary Target:
1. Establish physical access through appropriate transportation corridors and deliver
required resources to save lives and to meet the needs of disaster survivors.
2. Ensure basic human needs are met, stabilize the incident, transition into recovery for an
affected area, and restore basic services and community functionality.
3. Clear debris from any route type, (i.e., road, rail, airfield, port facility, waterway) to
facilitate response operations.
Environmental Response / Health and Safety (Response)
Definition: Conduct appropriate measures to ensure the protection of the health and safety of the
public and workers, as well as the environment, from all-hazards in support of responder
operations and the affected communities.
Preliminary Target:
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-9 [Sponsor Organization]
[INSERT CAVEAT]
1. Identify, assess, and mitigate worker health and safety hazards and disseminate health
and safety guidance and resources to response and recovery workers.
2. Minimize public exposure to environmental hazards through assessment of the hazards
and implementation of public protective actions.
3. Detect, assess, stabilize, and clean up releases of oil and hazardous materials into the
environment, including buildings/structures, and properly manage waste.
4. Identify, evaluate, and implement measures to prevent and minimize impacts to the
environment, natural and cultural resources, and historic properties from all-hazard
emergencies and response operations.
Fatality Management Services (Response)
Definition: Provide fatality management services, including decedent remains recovery and
victim identification, working with local, state, tribal, territorial, insular area, and Federal
authorities to provide mortuary processes, temporary storage or permanent internment solutions,
sharing information with mass care services for the purpose of reunifying family members and
caregivers with missing persons/remains, and providing counseling to the bereaved.
Preliminary Target:
1. Establish and maintain operations to recover a significant number of fatalities over a
geographically dispersed area.
Fire Management and Suppression (Response)
Definition: Provide structural, wildland, and specialized firefighting capabilities to manage and
suppress fires of all types, kinds, and complexities while protecting the lives, property, and the
environment in the affected area.
Preliminary Target:
1. Provide traditional first response or initial attack firefighting services.
2. Conduct expanded or extended attack firefighting and support operations through
coordinated response of fire management and specialized fire suppression resources.
3. Ensure the coordinated deployment of appropriate local, regional, national, and
international fire management and fire suppression resources to reinforce firefighting
efforts and maintain an appropriate level of protection for subsequent fires.
Logistics and Supply Chain Management (Response)
Definition: Deliver essential commodities, equipment, and services in support of impacted
communities and survivors, to include emergency power and fuel support, as well as the
coordination of access to community staples. Synchronize logistics capabilities and enable the
restoration of impacted supply chains.
Preliminary Target:
1. Mobilize and deliver governmental, nongovernmental, and private sector resources to
save lives, sustain lives, meet basic human needs, stabilize the incident, and transition to
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-10 [Sponsor Organization]
[INSERT CAVEAT]
recovery, to include moving and delivering resources and services to meet the needs of
disaster survivors.
2. Enhance public and private resource and services support for an affected area.
Mass Care Services (Response)
Definition: Provide life-sustaining and human services to the affected population, to include
hydration, feeding, sheltering, temporary housing, evacuee support, reunification, and
distribution of emergency supplies.
Preliminary Target:
1. Move and deliver resources and capabilities to meet the needs of disaster survivors,
including individuals with access and functional needs.
2. Establish, staff, and equip emergency shelters and other temporary housing options
(including accessible housing) for the affected population.
3. Move from congregate care to non-congregate care alternatives and provide relocation
assistance or interim housing solutions for families unable to return to their pre-disaster
homes.
Mass Search and Rescue Operations (Response)
Definition: Deliver traditional and atypical search and rescue capabilities, including personnel,
services, animals, and assets to survivors in need, with the goal of saving the greatest number of
endangered lives in the shortest time possible.
Preliminary Target:
1. Conduct search and rescue operations to locate and rescue persons in distress.
2. Initiate community-based search and rescue support operations across a wide
geographically dispersed area.
3. Ensure the synchronized deployment of local, regional, national, and international teams
to reinforce ongoing search and rescue efforts and transition to recovery.
On-scene Security, Protection, and Law Enforcement (Response)
Definition: Ensure a safe and secure environment through law enforcement and related security
and protection operations for people and communities located within affected areas and also for
response personnel engaged in lifesaving and life-sustaining operations.
Preliminary Target:
1. Establish a safe and secure environment in an affected area.
2. Provide and maintain on-scene security and meet the protection needs of the affected
population over a geographically dispersed area while eliminating or mitigating the risk
of further damage to persons, property, and the environment.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-11 [Sponsor Organization]
[INSERT CAVEAT]
Operational Communications (Response)
Definition: Ensure the capacity for timely communications in support of security, situational
awareness, and operations by any and all means available, among and between affected
communities in the impact area and all response forces.
Preliminary Target:
1. Ensure the capacity to communicate with both the emergency response community and
the affected populations and establish interoperable voice and data communications
between Federal, tribal, state, and local first responders.
2. Re-establish sufficient communications infrastructure within the affected areas to support
ongoing life-sustaining activities, provide basic human needs, and transition to recovery.
3. Re-establish critical information networks, including cybersecurity information sharing
networks, in order to inform situational awareness, enable incident response, and support
the resiliency of key systems.
Public Health, Healthcare, and Emergency Medical Services
(Response)
Definition: Provide lifesaving medical treatment via Emergency Medical Services and related
operations and avoid additional disease and injury by providing targeted public health, medical,
and behavioral health support, and products to all affected populations.
Preliminary Target:
1. Deliver medical countermeasures to exposed populations.
2. Complete triage and initial stabilization of casualties and begin definitive care for those
likely to survive their injuries and illness.
3. Return medical surge resources to pre-incident levels, complete health assessments, and
identify recovery processes.
Situational Assessment (Response)
Definition: Provide all decision makers with decision-relevant information regarding the nature
and extent of the hazard, any cascading effects, and the status of the response.
Preliminary Target:
1. Deliver information sufficient to inform decision making regarding immediate lifesaving
and life-sustaining activities and engage governmental, private, and civic sector resources
within and outside of the affected area to meet basic human needs and stabilize the
incident.
2. Deliver enhanced information to reinforce ongoing lifesaving and life-sustaining
activities, and engage governmental, private, and civic sector resources within and
outside of the affected area to meet basic human needs, stabilize the incident, and
transition to recovery.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-12 [Sponsor Organization]
[INSERT CAVEAT]
Economic Recovery (Recovery)
Definition: Return economic and business activities (including food and agriculture) to a healthy
state and develop new business and employment opportunities that result in an economically
viable community.
Preliminary Target:
1. Conduct a preliminary assessment of economic issues and identify potential inhibitors to
fostering stabilization of the affected communities.
2. Ensure the community recovery and mitigation plan(s) incorporates economic
revitalization and removes governmental inhibitors to post-disaster economic
sustainability, while maintaining the civil rights of citizens.
3. Return affected area’s economy within the specified time frame in the recovery plan.
Health and Social Services (Recovery)
Definition: Restore and improve health and social services capabilities and networks to promote
the resilience, independence, health (including behavioral health), and well-being of the whole
community.
Preliminary Target:
1. Identify affected populations, groups and key partners in short-term, intermediate, and
long-term recovery.
2. Complete an assessment of community health and social service needs, and prioritize
these needs, including accessibility requirements, based on the whole community's input
and participation in the recovery planning process, and develop a comprehensive
recovery timeline.
3. Restore health care (including behavioral health), public health, and social services
functions.
4. Restore and improve the resilience and sustainability of the health care system and social
service capabilities and networks to promote the independence and well-being of
community members in accordance with the specified recovery timeline.
Housing (Recovery)
Definition: Implement housing solutions that effectively support the needs of the whole
community and contribute to its sustainability and resilience.
Preliminary Target:
1. Assess preliminary housing impacts and needs, identify currently available options for
temporary housing, and plan for permanent housing.
2. Ensure community housing recovery plans continue to address interim housing needs,
assess options for permanent housing, and define a timeline for achieving a resilient,
accessible, and sustainable housing market.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-13 [Sponsor Organization]
[INSERT CAVEAT]
3. Establish a resilient and sustainable housing market that meets the needs of the
community, including the need for accessible housing within the specified time frame in
the recovery plan.
Natural and Cultural Resources (Recovery)
Definition: Protect natural and cultural resources and historic properties through appropriate
planning, mitigation, response, and recovery actions to preserve, conserve, rehabilitate, and
restore them consistent with post-disaster community priorities and best practices and in
compliance with applicable environmental and historic preservation laws and executive orders.
Preliminary Target:
1. Implement measures to protect and stabilize records and culturally significant documents,
objects, and structures.
2. Mitigate the impacts to and stabilize the natural and cultural resources and conduct a
preliminary assessment of the impacts that identifies protections that need to be in place
during stabilization through recovery.
3. Complete an assessment of affected natural and cultural resources and develop a timeline
for addressing these impacts in a sustainable and resilient manner.
4. Preserve natural and cultural resources as part of an overall community recovery that is
achieved through the coordinated efforts of natural and cultural resource experts and the
recovery team in accordance with the specified timeline in the recovery plan.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix B: Core Capabilities B-14 [Sponsor Organization]
[INSERT CAVEAT]
.
This page is intentionally left blank.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix C: Alternate AAR Template C-1 [Sponsor Organization]
[INSERT CAVEAT]
APPENDIX C: ALTERNATE TEMPLATE – OBJECTIVES
ANALYZED BY CORE CAPABILITIES
The below is an alternate template for writing an AAR. In this format rather than analyzing
strengths and areas for improvement by exercise objectives, planners can evaluate participants by
core capability relevant to a specific objective. This is a more complex way to write an AAR, but
some planning teams may find the structure preferable.
Objective 1: [Insert Objective 1 from situation manual.]
The strengths and areas for improvement for each core capability aligned to this objective are
described in this section. See Appendix B for details on each core capability.
Planning
Strengths
The [full or partial] capability level attained can be attributed to the following strengths:
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
The following areas require improvement to achieve the full capability level:
Area for Improvement 1: [Observation statement. This should clearly state the problem or
gap.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. If a strength was identified,
include any relevant innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix C: Alternate AAR Template C-2 [Sponsor Organization]
[INSERT CAVEAT]
Area for Improvement 2: [Observation statement. This should clearly state the problem or gap;
it should not include a recommendation or corrective action, as those will be documented in the
Improvement Plan.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Intelligence and Information Sharing
Strengths
The [full or partial] capability level can be attributed to the following strengths:
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
The following areas require improvement to achieve the full capability level:
Area for Improvement 1: [Observation statement. This should clearly state the problem or gap;
it should not include a recommendation or corrective action, as those will be documented in the
Improvement Plan.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix C: Alternate AAR Template C-3 [Sponsor Organization]
[INSERT CAVEAT]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
Interdiction and Disruption
Strengths
The [full or partial] capability level can be attributed to the following strengths:
Strength 1: [Use complete sentences to describe each major strength.]
Strength 2: [Use complete sentences to describe each major strength.]
Strength 3: [Use complete sentences to describe each major strength.]
Areas for Improvement
The following areas require improvement to achieve the full capability level:
Area for Improvement 1: [Observation statement. This should clearly state the problem or gap;
it should not include a recommendation or corrective action, as those will be documented in the
Improvement Plan.]
Reference: [List relevant plans, policies, procedures, laws, and regulations, or sections that
apply. If no references apply to the observation, it is acceptable to simply list “Not Applicable.”]
1. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
2. [Name of the task and the applicable plans, policies, procedures, laws, and
regulations and 1–2 sentences describing their relation to the task.]
Analysis: [The analysis section should be the most detailed section of an Observation. Include a
description of the behavior or actions at the core of the observation, as well as a brief description
of what was discussed, and the implications / consequence(s) noted. Identified strength(s) should
include any relevant or innovative approaches discussed by the exercise participants.]
Recommendation: [The recommendation or recommendations should clearly state a way to
close the observed gap. It should not include a corrective action, as those will be documented in
the Improvement Plan]
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix C: Alternate AAR Template C-4 [Sponsor Organization]
[INSERT CAVEAT]
This page is intentionally left blank.
CISA Tabletop Exercise Package (CTEP)
[Insert Exercise Name]
After-Action Report / Improvement Plan (AAR / IP)
Appendix D: Exercise Participants D-1 [Sponsor Organization]
[INSERT CAVEAT]
APPENDIX D: EXERCISE PARTICIPANTS
Participating Organizations
Private Sector
Local
State
Federal
Other
