Rules of Engagement Vs. SOW

ovechtrickovechtrick Posts: 2Registered Users ■■■□□□□□□□
Hi all, long time lurker sitting for PT0-001 next week. I'm feeling pretty good about all of the topics except for SoW and RoE. (I know, dumb) Can someone please explain the difference between Rules of Engagement (RoE) and a Statement of Work (SoW)? Both documents seem like they include the same types of information. I've read Omar Santos' book, as well as the Raymond Nutting book, but cant seem to distinguish the difference. Any help would be great!


  • DZA_DZA_ Untitled. Posts: 367Member ■■■■■□□□□□
    My understanding that for Statement of Work (in the context of consulting or business) will define what deliverables will be created/handed over when engaged in a project or a business transaction. For example:

    Statement of work:
    - Delivery a pair of firewalls configured in high-availability
    - Configure web application firewall functionality for cross side scripting / input validation
    - Define and configure network to support firewall appliances

    In the context of pen testing (and correct me if I'm wrong guys for those who are in the field) is the restrictions or how you perform when you're conducting the pen test, for example: 

    - Can only perform pen testing after business hours (8:00 PM)
    - Limited to using only certain penetration tools
    - Provided limited knowledge of the network or full knowledge of the network 

  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,339Admin Admin
    If the SoW does not include a pentest then there will be no need for an RoE agreement.
  • yoba222yoba222 Posts: 980Member ■■■■■■□□□□
    edited February 13
    Based on my work experience, SOW is what you promise to do and ROE is what you promise not to do.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2019: Virtual Hacking Labs then OSCP
  • ovechtrickovechtrick Posts: 2Registered Users ■■■□□□□□□□
    Thank you all for your comments!
Sign In or Register to comment.