Jeff, NIST Special Publication 800-42, DRAFT Guideline on Network Security Testing, section 3.3 "Penetration Testing" may provide a good starting point.
http://csrc.nist.gov/publications/drafts/security-testing.pdf Regards, Wally -----Original Message----- From: Wichman, Jeff [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 11:13 AM To: '[EMAIL PROTECTED]' Subject: Pre-security documentation I am sure someone here can help me. At least I hope. I have been looking for something that would give me an outline or good idea of what should go into a document I would like our Managers and CIO to sign that allows the InfoSec team to perform audits/assessments of our company resources. I realize it would be best to have a legal department write something like this up but we have no access to this group. Can anyone suggest a basic outline for something of this nature. I know someone asked for it before on this mailing list, but I cannot find any replies to that posting. Thank you. Jeff Wichman Security Administrator School Specialty, Inc.
