Contradictory document
The rules of engagement document says all pen testing had to be performed between 6AM to 6PM, in a way that suggests that Coalfire would want extra pay for working out of hours, and that would require a Change Order.
The same document, in the physical pen testing section, says that work will be performed in "afternoons or evenings". That's contradictory: 5:59pm isn't really "evening", it's more "afternoon".
I think the most reasonable way to read that document is that physical pen testing can be performed in afternoons and evenings, but Coalfire won't get extra money for working out of hours unless there's a Change Order. So I believe the pen testing was in scope.
However, it's clear that this isn't really a dispute between Coalfire and the state organization that hired them. It's a dispute between the state organization that authorized the break-in and the county organization that owns the building and arrested them.
What should really happen is the county should release the pen-testers since there was no intent to break the law - they genuinely believed they had permission. Then they county could try to arrest the state people who signed the contract for conspiracy to break-and-enter since they authorised the break-in (although we all know that won't happen).