## Target Audience

- Identify targets of the engagement
- Identify scope and size of the engagement
- Surface area of engagement

## Objective

Assess the reasons for the assessment: security, risk assessments, customer personal data protection, etc.

Identify Protected Assets:

[[ASSET INVENTORY]]
[[RISK REGISTER]]

## Compliance

Establish guidelines (or necessity) for compliance with internal and external regulations or standards. Examples: PCI DSS, GDPR, HIPAA, etc.

- Strictly defined surface area of engagement

[[Statement of Work]]
[[Non-Disclosure Agreement]]
[[Request for Information (RFI)]]

## Resources

1. Define budgeting requirements for the campaign.
2. Identify the target's accessibility:
   - Physical access
   - Remote access
   - Tooling required

## Communication Plan

1. Acquire Trusted Agent(s) within the company for trusted communication
2. Establish communication guidelines and information access control rules during the engagement (who knows what)
3. Establish escalation procedures

## Product/Report

Establish reporting guidelines.

[[PENTEST REPORT TEMPLATE]]

## Technical Constraints

Identify and establish all technical restrictions during the engagement: which parts of the infrastructure are tested and what is out of scope.

## Comprehensiveness

Identify the specifics of the engagement: which parts of the infrastructure are tested, what types of vulnerabilities are covered, etc.
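The Technical Constraints and Comprehensiveness sections come down to a written in-scope / out-of-scope list that every tester checks before touching a host. The following Python script is an added example (not part of this note or of any linked template) that parses such a list and answers whether a candidate target is inside the agreed scope, with exclusions always overriding inclusions so that an excluded host inside an included network stays off limits. The scope-file format, the `!` exclusion prefix, and all addresses and domain names are constructed assumptions for the example.

```python
"""Scope check for a penetration-test engagement (added example).

Given the in-scope and out-of-scope entries agreed in the Statement of
Work, decide whether a candidate target may be tested.  Exclusions win
over inclusions.  Every address and domain below is a constructed sample.
"""
import ipaddress
from dataclasses import dataclass, field
from ipaddress import IPv4Network, IPv6Network
from typing import Dict, List, Tuple, Union

Network = Union[IPv4Network, IPv6Network]

# Constructed sample scope file (assumed format: one entry per line,
# '!' prefix marks an exclusion, '#' starts a comment).
SAMPLE_SCOPE = """
# In-scope office network agreed in the SoW
10.10.0.0/16
!10.10.5.0/24        # production database segment, out of scope
!10.10.0.1           # core router, out of scope
.corp.example        # all hosts under corp.example
!hr.corp.example     # HR system explicitly excluded
203.0.113.7          # single external host
"""


@dataclass
class Scope:
    """Allow/deny lists for networks and domain names."""
    in_networks: List[Network] = field(default_factory=list)
    out_networks: List[Network] = field(default_factory=list)
    in_domains: List[str] = field(default_factory=list)
    out_domains: List[str] = field(default_factory=list)


def parse_scope(text: str) -> Scope:
    """Parse a scope file.  CIDR blocks and single IPs become networks;
    anything else is treated as a domain name."""
    scope = Scope()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        excluded = line.startswith("!")
        entry = line[1:].strip() if excluded else line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an IP or CIDR: store as a normalised domain pattern
            dom = entry.lower().rstrip(".")
            (scope.out_domains if excluded else scope.in_domains).append(dom)
        else:
            (scope.out_networks if excluded else scope.in_networks).append(net)
    return scope


def _domain_matches(host: str, pattern: str) -> bool:
    """'.corp.example' matches corp.example and any subdomain;
    a pattern without a leading dot must match the host exactly."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def check_target(scope: Scope, target: str) -> Tuple[bool, str]:
    """Return (allowed, reason).  Deny rules are consulted first."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower().rstrip(".")
        for pat in scope.out_domains:
            if _domain_matches(host, pat):
                return False, f"excluded by domain rule {pat}"
        for pat in scope.in_domains:
            if _domain_matches(host, pat):
                return True, f"included by domain rule {pat}"
        return False, "not listed in scope"
    for net in scope.out_networks:
        if addr in net:
            return False, f"excluded by network rule {net}"
    for net in scope.in_networks:
        if addr in net:
            return True, f"included by network rule {net}"
    return False, "not listed in scope"


def partition_targets(scope: Scope, targets: List[str]) -> Dict[str, List[str]]:
    """Split a candidate target list into 'allowed' and 'denied' buckets."""
    result: Dict[str, List[str]] = {"allowed": [], "denied": []}
    for t in targets:
        allowed, _ = check_target(scope, t)
        result["allowed" if allowed else "denied"].append(t)
    return result


if __name__ == "__main__":
    scope = parse_scope(SAMPLE_SCOPE)
    candidates = ["10.10.3.4", "10.10.5.9", "10.10.0.1", "10.20.0.1",
                  "vpn.corp.example", "hr.corp.example", "203.0.113.8"]
    for c in candidates:
        ok, why = check_target(scope, c)
        print(f"{c:20} {'IN ' if ok else 'OUT'}  {why}")
```

Running the script prints one verdict per candidate; the two excluded entries inside the otherwise in-scope 10.10.0.0/16 block come back as OUT, which is the behaviour a Statement of Work with carve-outs requires. Feeding the agreed scope file into `partition_targets` before any scanning starts gives a simple, auditable record of what was and was not considered in scope.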