Rules of Engagement 📘

Rules of Engagement (RoE) are a legally binding outline of the client objectives and scope, with further details of the engagement expectations between both parties. This is the first "official" document in the engagement planning process and requires proper authorization between the client and the red team. This document often acts as the general contract between the two parties; an external contract or other NDAs (Non-Disclosure Agreements) can also be used.

The format and wording of the RoE are critical since it is a legally binding contract and sets clear expectations.

Each RoE structure will be determined by the client and red team and can vary in content length and overall sections. Below is a brief table of standard sections you may see contained in the RoE.

| Section Name | Section Details |
| --- | --- |
| Executive Summary | Overarching summary of all contents and authorization within the RoE document |
| Purpose | Defines why the RoE document is used |
| References | Any references used throughout the RoE document (HIPAA, ISO, etc.) |
| Scope | Statement of the agreement to restrictions and guidelines |
| Definitions | Definitions of technical terms used throughout the RoE document |
| Rules of Engagement and Support Agreement | Defines obligations of both parties and general technical expectations of engagement conduct |
| Provisions | Define exceptions and additional information from the Rules of Engagement |
| Requirements, Restrictions, and Authority | Define specific expectations of the red team cell |
| Ground Rules | Define limitations of the red team cell's interactions |
| Resolution of Issues/Points of Contact | Contains all essential personnel involved in an engagement |
| Authorization | Statement of authorization for the engagement |
| Approval | Signatures from both parties approving all subsections of the preceding document |
| Appendix | Any further information from preceding subsections |

When analyzing the document, it is important to remember that it is only a summary, and its purpose is to be a legal document. Further and more in-depth planning is required to expand upon the RoE and the client objectives.

For this task, we will use a shortened document adapted from redteam.guide.
