1. Minimum of 100 IPs/Targets per location (INTERNAL + EXTERNAL) 2. Dedicated Hardware agent to be installed on all INTERNAL networks 3. Weekly INTERNAL Vulnerability Scanning Reports (FULL or NERC reports) 4. Monthly EXTERNAL Penetration Test Reports (FULL or NERC reports) 5. Monthly Social Engineering Reports