# NIST SP 800-115 Overview

One-sentence definition: NIST's technical guide to planning and conducting security testing and assessment.

## Key Facts

- Covers planning, execution, and post-testing activities; emphasizes rules of engagement (ROE) and safety.
- Methods: review (docs, logs), target identification, vulnerability testing, penetration testing.
- Stresses reporting clarity, risk communication, and remediation follow-up.
- Complements control frameworks and SDLC processes.
- **Verify:** check the official (ISC)² CBK and current exam outline.

## Exam Relevance

- Cite 800-115 to justify assessment phases and documentation.

**Mnemonic:** "**Plan → Test → Report → Retest**."

## Mini Scenario

Q: The team skips post-testing activities. What is missing?

A: 800-115's remediation verification and lessons learned.

## Revision Checklist

- Four phases.
- Two method families.
- Reporting focus.

## Related

[[Assessment Strategy and Test Planning]] · [[Penetration Testing Process and Ethics]] · [[Reporting and Executive Summaries]] · [[Remediation Verification and Regression Testing]] · [[Tabletop Exercises (TTX) and Crisis Simulations]] · [[Domain 6 - Index]]