NIST 800-53

Any Investment Company should comply with NIST SP 800-53 Compliance in order to pass SEC review. Company should show sufficient strive in:

  1. Access control: Ensures only authorized users have access privileges
  2. Audit and accountability: Involves a system of checks and balances to ensure proper protection
  3. Awareness and training: Ensures team members are given the pertinent security controls training, including how these controls protect their systems
  4. Configuration management: Ensures all configurations address the latest needs of the system without compromising security
  5. Contingency planning: Involves creating a plan that provides different options in case your security controls do not perform as expected
  6. Identification and authentication: Focuses on ensuring users and devices have valid identification and the rights they need to access systems and data
  7. Incident response: Orchestrates the steps and tools used when there is a breach
  8. Maintenance: Necessary for keeping the system up-to-date and functioning as it should
  9. Media protection: Involves protecting the physical media used to store data, such as hard drives and servers
  10. Personnel security: Ensures people that manage sensitive systems and data are protected from cybercriminals who may target them

Source: NIST SP 800-53

Help Ukraine to stop russian aggression