If you do any IA work for the US government, it's probably worth taking a look at this draft to see what's coming down the pipe.
Of interest to me is the new requirement to get the CISA or GSNA if you do any sort of "Auditing" to include pentesting.
"C11.6.1. CND-AU personnel perform assessments of systems and networks within the NE or
enclave and identify where those systems/networks deviate from acceptable configurations,
enclave policy, or local policy. CND-AUs achieve this through passive evaluations (compliance
audits) and active evaluations (penetration tests and/or vulnerability assessments)."
Not to get back into the whole "Not a CISSP" thread or "CEH != pentester" debate, but I'd like to hear other people's opinions on the validity of basically requiring the CISSP and now CISA if you do pentesting for DoD. I have no experience with the SANS GSNA material, so I have no comments.
I'm studying for the CISA now and there is very little, if anything, that applies to pentesting. Painful is the only word I can think of right now to describe it. But I'm taking my own advice by sucking it up, learning the material, taking the test, and going back to doing what I was doing.
In case anyone is still in the dark, auditing != pentesting.