Specifications include, but are not limited to: The vendor shall conduct penetration testing activities designed to provide the Borough with insight into external vulnerabilities with agency networks, assets and applications. The scope of external penetration tests shall include the Borough’s internet points of presence including the Borough’s external facing website. Prior to conducting a penetration test, the vendor shall develop and submit to the Matanuska-Susitna Borough for approval, a penetration test plan. The plan will include a Rules of Engagement (ROE) document, and shall define the steps to be taken and tools/equipment to be used to facilitate the testing as well as information to be collected and submitted in the final report. The penetration testing plan should be approved by the CIO before testing begins. The end-result of this engagement will specifically include: • Penetration Testing to validate security compliance • Penetration Test Plan (includes schedule and Rules of Engagement) • Penetration Test Support • Answers to Requirements • Identification of any tools and/or software used in pen tests