CIPHERCUE

Published 2026-04-28 — v1.0

Sales briefing methodology

The Sales briefing tab translates observed facts about an entity's public infrastructure into sales-readable talking points. Each talking point names the observation, places it in the context of a peer cohort, cites a third-party authority, and suggests a topic for conversation. CipherCue does not draw conclusions, apply verdicts, or predict outcomes. The talking point is a summary of observable fact and published authority, never a recommendation about how the entity should behave.

Talking points describe observed distribution and reference third-party authority. They are not assessments, scores, or predictions about any individual entity. Every "should" statement in a talking point is sourced from a named third party (NIST, IETF RFC, CISA, ENISA), never from CipherCue.

Cohort selection

A briefing is computed against a single peer cohort, chosen by specificity. CipherCue selects the most specific cohort the entity belongs to that has a sample size of at least 20 members. Specificity is ordered as follows:

  1. Sector (sector_industry) — derived from the entity's recorded industry classification.
  2. Index membership (index_membership) — for entities that are constituents of a published index (FTSE 100, FTSE 250, Russell 3000, ISEQ 20).
  3. Jurisdiction (jurisdiction) — derived from the entity's recorded country of registration.

If no cohort meets the sample-size floor, the briefing is suppressed. This is by design: in a cohort of fewer than 20 members, the published rate could let individual peers be re-identified.
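The selection and suppression rule above, as an added example (not CipherCue's own code). It assumes the numbered list runs from most to least specific and that ties within one cohort type keep input order; the Cohort class, function names and sample figures are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

MIN_COHORT_SIZE = 20  # sample-size floor stated in the methodology

# Assumption: the methodology's numbered list is ordered most specific first.
SPECIFICITY_RANK = {"sector_industry": 0, "index_membership": 1, "jurisdiction": 2}


@dataclass(frozen=True)
class Cohort:
    kind: str         # one of the SPECIFICITY_RANK keys
    label: str        # constructed label, e.g. "FTSE 250"
    members: int      # M: cohort size
    with_signal: int  # N: members with this observation type in the 90-day window


def select_cohort(candidates: Iterable[Cohort]) -> Optional[Cohort]:
    """Return the most specific cohort that meets the floor, or None (suppress)."""
    eligible = [c for c in candidates
                if c.kind in SPECIFICITY_RANK and c.members >= MIN_COHORT_SIZE]
    if not eligible:
        return None
    # min() is stable, so ties within one kind keep input order (assumption).
    return min(eligible, key=lambda c: SPECIFICITY_RANK[c.kind])


def cohort_sentence(candidates: Iterable[Cohort]) -> Optional[str]:
    """Render the Cohort element, or None when the briefing is suppressed."""
    cohort = select_cohort(candidates)
    if cohort is None:
        return None
    if not 0 <= cohort.with_signal <= cohort.members:
        raise ValueError("with_signal must lie between 0 and members")
    return (f"{cohort.with_signal} of {cohort.members} cohort members "
            "have an observation of this type in 90 days")


if __name__ == "__main__":
    # Constructed sample: the sector cohort is too small, so selection falls
    # back to the next most specific cohort that meets the floor.
    sample = [
        Cohort("jurisdiction", "IE", 3000, 900),
        Cohort("index_membership", "FTSE 250", 250, 140),
        Cohort("sector_industry", "Constructed sector", 12, 5),
    ]
    print(cohort_sentence(sample))
    print(cohort_sentence(sample[2:]))  # only the 12-member cohort: suppressed
```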

Talking-point structure

Every talking point is rendered from a translation rule and contains four labelled elements:

  1. Observed. The fact CipherCue observed about this entity. Always dated, always sourced (public DNS query, public HTTP response, CISA KEV catalogue entry).
  2. Cohort. The distribution of the same fact across the cohort. Phrased as "N of M cohort members have an observation of this type in 90 days" — a description of the cohort, not of the entity.
  3. Authority. One or more third-party citations naming the relevant standard or catalogue (RFC 7489, RFC 7208, NIST SP 800-177, CISA KEV, BOD 22-01).
  4. Topic. A neutral suggestion of what conversational territory this observation maps to (e.g. "email authentication posture").

Translation rules

Translation rules live in the configuration file config/ciphercue/sales_translations.php. Each rule has an observed-template, a cohort-template, an authority list, a topic hint, and an optional reference URL. Rules are versioned with the methodology. Adding a new rule or changing the wording of an existing rule increments the methodology version and is recorded in the changelog below.

Rules are constrained to use only the legally-safe vocabulary documented in docs/VOCABULARY_GLOSSARY.md. Banned phrasings (risk, weak, poor, lagging, behind, above average, below average, top X%, bottom X%) never appear in a talking point. The CI test LegalPostureVocabularyTest rejects any pull request that introduces banned vocabulary into a CipherCue-authored region.

Cohort coverage charts

The horizontal bar shown alongside each talking point is a server-rendered SVG histogram. The shaded portion corresponds to the proportion of cohort members exhibiting the signal. The blue marker indicates whether this entity sits in the shaded or unshaded portion. The chart is a description, not a verdict — there are no green/red zones, no quartile shading, and no ranking.

What this is not

Coordinated disclosure

Talking points sourced from observations that fall under CipherCue's responsible-disclosure policy — for example, CISA KEV matches indicating an exploit-in-the-wild condition — are subject to the 48-hour silent disclosure window documented at /disclosure-policy. A talking point of this type does not appear on the briefing tab until the disclosure window has elapsed.

Changelog

Methodology and rules: github.com/urlcv · Vocabulary glossary: docs/VOCABULARY_GLOSSARY.md · Disclosure policy: /disclosure-policy