{\rtf1\ansi\ansicpg1252\uc1 \deff0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f28\froman\fcharset238\fprq2 Times New Roman CE;}{\f29\froman\fcharset204\fprq2 Times New Roman Cyr;} {\f31\froman\fcharset161\fprq2 Times New Roman Greek;}{\f32\froman\fcharset162\fprq2 Times New Roman Tur;}{\f33\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f34\froman\fcharset178\fprq2 Times New Roman (Arabic);} {\f35\froman\fcharset186\fprq2 Times New Roman Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255; \red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{ \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{\*\cs10 \additive Default Paragraph Font;}{\s15\ql \li0\ri0\widctlpar \tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext15 header;}{\*\cs16 \additive \sbasedon10 page number;}}{\info{\author tom}{\operator tom} {\creatim\yr2009\mo8\dy24\hr14\min23}{\revtim\yr2009\mo8\dy24\hr15\min17}{\version12}{\edmins53}{\nofpages3}{\nofwords490}{\nofchars2793}{\nofcharsws3430}{\vern8243}} \widowctrl\ftnbj\aenddoc\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1800\dgvorigin1440\dghshow1\dgvshow1 \jexpand\viewkind1\viewscale114\viewzk2\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule \fet0\sectd \linex0\endnhere\sectlinegrid360\sectdefaultcl {\header \pard\plain \s15\ql \li0\ri0\widctlpar\tqc\tx4320\tqr\tx8640\pvpara\phmrg\posxr\posy0\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\field{\*\fldinst {\cs16 PAGE }}{\fldrslt { \cs16\lang1024\langfe1024\noproof 3}}}{\cs16 \par }\pard \s15\ql \li0\ri360\widctlpar\tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin360\lin0\itap0 { \par }}{\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}} {\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8 \pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \qc \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {Rules of Engagement Worksheet: \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 { \par Penetration Testing Team Contact Information: \par \par Primary Contact: ____________________________________________ \par \par Mobile Phone: ____________________________________________ \par \par Pager: \tab ____________________________________________ \par \par Secondary Contact: _______________________________________________ \par \par Mobile Phone: ________________________________________________ \par \par Pager: ________________________________________________ \par \par Target Organization Contact Information: \par \par Primary Contact: ____________________________________________ \par \par Mobile Phone: ____________________________________________ \par \par Pager: \tab ____________________________________________ \par \par Secondary Contact: _______________________________________________ \par \par Mobile Phone: ________________________________________________ \par \par Pager: ________________________________________________ \par \par \par "Daily Debriefing" Frequency: _____________________________________________ \par \par "Daily Debriefing" Time/Location: __________________________________________ \par \par \par Start Date of Penetration Test: ______________________________________________ \par \par End Date of Penetration Test: ______________________________________________ \par \par Testing Occurs at Following Times: __________________________________________ \par \par Will test be announced to target personnel: ____________________________________ \par \par Will target organization shun IP addresses of attack systems: _____________________ \par \par Does target organization's network have automatic shunning capabilities that might disrupt access in unforeseen ways (i.e. create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk: \par \par ____________________________________________________________________ \par \par ____________________________________________________________________ \par \par \par Would the shunning of attack systems conclude the test: _______________________ \par \par If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required: \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par IP addresses of penetration testing team's attack systems: \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par Is this a "black box" test: __________________________________________________ \par \par What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts: \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par _______________________________________________________________________ \par \par \par Will target personnel observe the testing team: _________________________________ \par \par \par \page \par \par ______________________________________________________________ \par Signature of Primary Contact representing Target Organization \par \par ____________________________ \par Date \par \par \par \par ______________________________________________________________ \par Signature of Head of Penetration Testing Team \par \par ____________________________ \par Date \par \par \par If necessary, signatures of individual testers: \par \par ______________________________________________________________ \par Signature \par \par ____________________________ \par Date \par \par \par ______________________________________________________________ \par Signature \par \par ____________________________ \par Date \par \par \par ______________________________________________________________ \par Signature \par \par ____________________________ \par Date \par \par \par ______________________________________________________________ \par Signature \par \par ____________________________ \par Date \par }}