• Vulnerability and Penetration Testing Categories - external gateway, internal network systems, wireless access networks, VoIP systems, applications, web applications, mobile applications, cloud integrations, custom applications, social engineering, phishing/smishing and any other testing as needed. • Penetration Testing Types – White Box, Black Box and Grey Box. • Retesting After Remediation – each testing engagement may include retesting after remediation, if requested by SRPMIC. If the vendor charges a separate fee for retesting, identify the price and/or percentage of the penetration testing charge in the pricing section. • Penetration Testing Methodologies – automated, manual or hybrid testing services for each type of penetration testing. The scope of retesting after SRPMIC has completed its remediation activities may be redefined after the draft or initial testing findings. • Project Management – provide approach to penetration testing engagements. • Scope of Work Per Pen Test Engagement - every penetration testing engagement will have a specific scope of work.
