The National Institute of Standards and Technology Special Publication (NIST-SP-800-115) is the Technical Guide to Information Security Testing and Assessment. The publication is produced by Information Technology Laboratory (ITL) at NIST.
The guide defines a security assessment as the process of determining how effectively an entity being assessed meets specific security requirements. As you review the guide, you will see it contains a great amount of information for testing. While the document tends to not get updated as often as we would like, it is a viable resource for us as a reference when building our methodology for testing. The document consists of the following main chapters: