Covered in the 2.0 manual are the following areas:
This manual is a detailed methodology for standardizing the process of security testing so as to ensure a complete and thorough job. This is a nearly complete re-write of 1.5 from the ground up to assure clarity and practicality. Included are the Risk Assessment Values which provide values and a method for calculating and maintaining specific levels of risk from security breaches and other forms of organizational penetration methods besides Information and IT insecurities. This verson also includes many template samples including the information that must appear in a report to bear the Certified OSSTMM Compliance seal.
I do hope everyone involved in the security field from IT professionals to auditors and soldiers to watchdog groups gets involved in the peer-review process to develop this standard.