You are the IT manager overseeing a security assessment project. To ensure the third-party security firm's penetration test activities align with company policies and legal requirements, which document must be established to detail the testing boundaries, methods, timelines, and communication protocols?
Master Service Agreement (MSA)
Interconnection Security Agreement (ISA)
Acceptable Use Policy (AUP)
Rules of Engagement (ROE)