NIST 800-115

The National Institute of Standards and Technology Special Publication (NIST-SP-800-115) is the technical guide to information-security testing and assessment. The publication is produced by Information Technology Laboratory (ITL) at NIST.

The guide defines a security assessment as the process of determining how effectively an entity being assessed meets specific security requirements. As you review the guide, you will see it contains a great amount of information for testing. While the document does not get updated as often as we would like, it is a viable resource for us as a reference when building our methodology for testing.

They offer practical guidelines for designing, implementing, and maintaining technical information, security tests, and examination processes and procedures, by covering the key element or technical security-testing and examination.

These can be used for several reasons, such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. The guide is not intended to present an all-inclusive information-security testing and examination program but rather an outline of key elements of technical security testing and examination, with a weight on specific technical techniques, the benefits and limitations of each, and recommendations for their use.
The NIST 800-115 standard provides a great map for pen testers that is an accepted industry standard. This model is a great way to ensure that your penetration testing program complies with best practices.