{\rtf1\ansi\ansicpg1252\uc1 \deff0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f28\froman\fcharset238\fprq2 Times New Roman CE;}{\f29\froman\fcharset204\fprq2 Times New Roman Cyr;}

{\f31\froman\fcharset161\fprq2 Times New Roman Greek;}{\f32\froman\fcharset162\fprq2 Times New Roman Tur;}{\f33\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f34\froman\fcharset178\fprq2 Times New Roman (Arabic);}

{\f35\froman\fcharset186\fprq2 Times New Roman Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;

\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{

\ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{\*\cs10 \additive Default Paragraph Font;}{\s15\ql \li0\ri0\widctlpar

\tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext15 header;}{\*\cs16 \additive \sbasedon10 page number;}}{\info{\author tom}{\operator tom}

{\creatim\yr2009\mo8\dy24\hr14\min23}{\revtim\yr2009\mo8\dy24\hr15\min17}{\version12}{\edmins53}{\nofpages3}{\nofwords490}{\nofchars2793}{\nofcharsws3430}{\vern8243}}

\widowctrl\ftnbj\aenddoc\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1800\dgvorigin1440\dghshow1\dgvshow1

\jexpand\viewkind1\viewscale114\viewzk2\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule \fet0\sectd \linex0\endnhere\sectlinegrid360\sectdefaultcl {\header \pard\plain 

\s15\ql \li0\ri0\widctlpar\tqc\tx4320\tqr\tx8640\pvpara\phmrg\posxr\posy0\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\field{\*\fldinst {\cs16 PAGE  }}{\fldrslt {

\cs16\lang1024\langfe1024\noproof 3}}}{\cs16 

\par }\pard \s15\ql \li0\ri360\widctlpar\tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin360\lin0\itap0 {

\par }}{\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}

{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8

\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \qc \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 

\fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {Rules of Engagement Worksheet:

\par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 {

\par Penetration Testing Team Contact Information:

\par 

\par Primary Contact:  ____________________________________________

\par 

\par Mobile Phone:      ____________________________________________

\par 

\par Pager: \tab                   ____________________________________________

\par 

\par Secondary Contact:   _______________________________________________

\par 

\par Mobile Phone:          ________________________________________________

\par 

\par Pager:                       ________________________________________________

\par 

\par Target Organization Contact Information:

\par 

\par Primary Contact:  ____________________________________________

\par 

\par Mobile Phone:      ____________________________________________

\par 

\par Pager: \tab                   ____________________________________________

\par 

\par Secondary Contact:   _______________________________________________

\par 

\par Mobile Phone:          ________________________________________________

\par 

\par Pager:                       ________________________________________________

\par 

\par 

\par "Daily Debriefing" Frequency: _____________________________________________

\par 

\par "Daily Debriefing" Time/Location: __________________________________________

\par 

\par 

\par Start Date of Penetration Test:  ______________________________________________

\par 

\par End Date of Penetration Test:  ______________________________________________

\par 

\par Testing Occurs at Following Times: __________________________________________

\par 

\par Will test be announced to target personnel:  ____________________________________

\par 

\par Will target organization shun IP addresses of attack systems:  _____________________

\par 

\par Does target organization's network have automatic shunning capabilities that might disrupt access in unforeseen ways (i.e. create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk:

\par 

\par ____________________________________________________________________

\par 

\par ____________________________________________________________________

\par 

\par 

\par Would the shunning of attack systems conclude the test: _______________________

\par 

\par If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required: 

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par IP addresses of penetration testing team's attack systems:

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par Is this a "black box" test:  __________________________________________________

\par 

\par What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts:

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par _______________________________________________________________________

\par 

\par 

\par Will target personnel observe the testing team:  _________________________________

\par 

\par 

\par \page 

\par 

\par ______________________________________________________________

\par Signature of Primary Contact representing Target Organization

\par 

\par ____________________________

\par Date

\par 

\par 

\par 

\par ______________________________________________________________

\par Signature of Head of Penetration Testing Team

\par 

\par ____________________________

\par Date

\par 

\par 

\par If necessary, signatures of individual testers:

\par 

\par ______________________________________________________________

\par Signature

\par 

\par ____________________________

\par Date

\par 

\par 

\par ______________________________________________________________

\par Signature

\par 

\par ____________________________

\par Date

\par 

\par 

\par ______________________________________________________________

\par Signature

\par 

\par ____________________________

\par Date

\par 

\par 

\par ______________________________________________________________

\par Signature

\par 

\par ____________________________

\par Date

\par }}