Obtaining Client Information
Specific environment information is required for proper construction of the Fortra VM account.
Pre-Assessment Questionnaire (PAQ)
One optional method of obtaining the information is to use the details of the contract and have the endpoint user complete a PAQ.
The PAQ requests five sheets of information:
- Introduction
- Organization contacts
- IP address information
- Virtually hosted external applications
- Insight classifications
Introduction
FVM client accounts are configured based on a combination of information from the client’s contract and the PAQ. The Client Advocate administers a PAQ to the client after contract signing. The Client Advocate is responsible for confirming that accurate and complete PAQ information is received from the client. If the client neglects to return the PAQ in a timely manner, their contracted services will not be deliverable on the agreed schedule. Account details can be modified or added at any time.
The Introduction sheet gives the client the contact information for their Client Advocate so that they can easily reach them for support.
Contacts
The client provides contact information for their organization. A user account will need to be created for each individual whose contact information is provided. Note that unless otherwise specified in the "Notes" section, all contacts will have user accounts created within Fortra Vulnerability Management (Fortra VM), with the identified Primary account given "Account Admin" privileges. As the name implies, the Account Admin has full configuration capabilities within the Fortra VM account. All other identified users will have the capability to view vulnerability scanning and/or penetration test data.
The PAQ is sent in the form of an Excel spreadsheet. As such, clients can copy the "Contacts" worksheet and duplicate it if they require more than six user profiles for their organization.
IP address information
The client must provide the IP address information for the networks that will be assessed. The sheet allows for twenty IP addresses (or IP address ranges) each for the internal and external networks to be assessed. Additional sheets can be added if the client requires more IP addresses to be designated.
External virtual host information
The client will need to enter all virtually hosted external applications they wish to have tested. The client’s external URLs or Fully Qualified Domain Names that are virtually hosted are listed here. They are commonly used in cloud environments such as Amazon Web Services (AWS), Microsoft Azure, etc. In situations where a load balancer is used, virtual hosting is a method for hosting multiple domain names on a single server, IP address or pool of servers. If the client has more than 30 vHosts, continue on a separate, duplicated sheet.
Insight classifications
The client must provide the categories into which their organization best falls. Part of the client's scanning services is an Insight Report, which allows them to compare their current vulnerability management status against other organizations using the Fortra systems that fall into those same categories.