ISECOM - OSSTMM Question

I have just discovered OSSTMM (Open Source Security Testing Methodology).
To start with, I can't believe I keep finding stuff I never heard about.
Anyway, things I read say this is the most used Security testing Methodology that there is.
Does this compare to things like COBIT? Can it be used for Sarbanes-Oxley compiance?
To start with, I can't believe I keep finding stuff I never heard about.
Anyway, things I read say this is the most used Security testing Methodology that there is.
Does this compare to things like COBIT? Can it be used for Sarbanes-Oxley compiance?
Comments
IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and Implementation of Internal Control Over Financial Reporting, 2nd Edition
COBIT is an internationally recognized IT Governance framework from ISACA that can be used to help businesses comply with the IT control requirements of SOX.
OSSTMM may be able to help with SOX but its focus is probably quite narrow, i.e., just security testing, when compared to something like COBIT, which is broadly focused on IT governance within the enterprise, in manner that is consistent with COSO the framework for governance of the enterprise.
OSSTMM and COBIT are not equivalent but they may, in certain circumstances, be complementary.