A penetration testing team is preparing to assess the security of a web application for a financial institution that is bound by the Payment Card Industry Data Security Standard (PCI DSS). Which standard or methodology should they prioritize to align their testing framework with the industry's best practices and ensure compliance?
Information Systems Security Assessment Framework (ISSAF)
MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
National Institute of Standards and Technology (NIST)
Open Web Application Security Project (OWASP)