Specifications include, but are not limited to: This engagement will consist of vulnerability scanning and penetration testing (external, internal, and wireless) 1. External pen-testing & vulnerability scanning will be tested from an unauthorized perspective and performed completely external to JJC via the Internet with no specific network information provided to the vendor. The scope of this review is all Internet-accessible systems owned and operated by JJC (No more than 50 publicly accessible services). The vendor should perform initial searches and scans to identify targets and potential vulnerabilities. Once vulnerabilities are identified, the vendor will validate the potential vulnerabilities and assess the risk associated with each. (JJC will provide a list of IP addresses in scope upon award) 2. Internal penetration assessment & vulnerability will be performed from inside the organization, mimicking an attacker with internal network access with no credentials. The approach will be the same as in the external penetration assessment and will include at least 10 class C IP ranges. Please provide the cost for 5 additional class C subnets in the event it is deemed necessary by JJC during the testing. The selected vendor can perform some remote work as part of this engagement, but we strongly prefer that the chosen vendor is onsite at agreed upon times.