NIST stands for the National Institute of Standards and Technology. NIST is a division of the US government, and it publishes a number of special publications defining best practices as well as standards for organizations to employ in order to improve their security. It's important to understand NIST in order to map findings or discovered vulnerabilities to their appropriate rules in order to help organizations understand the compliance implications of the issues discovered during the assessment.

At times, a target organization may require security testing using a specific framework or standard. Being familiar with the OSSTMM can be useful for your engagements with the target organization as a penetration tester.