NIST 800-53

Any investment company should comply with NIST SP 800-53 in order to pass SEC review. The company should show sufficient effort in:

  1. Access control: Ensures only authorized users have access privileges
  2. Audit and accountability: Involves a system of checks and balances to ensure proper protection
  3. Awareness and training: Ensures team members are given the pertinent security controls training, including how these controls protect their systems
  4. Configuration management: Ensures all configurations address the latest needs of the system without compromising security
  5. Contingency planning: Involves creating a plan that provides different options in case your security controls do not perform as expected
  6. Identification and authentication: Focuses on ensuring users and devices have valid identification and the rights they need to access systems and data
  7. Incident response: Orchestrates the steps and tools used when there is a breach
  8. Maintenance: Necessary for keeping the system up to date and functioning as it should
  9. Media protection: Involves protecting the physical media used to store data, such as hard drives and servers
  10. Personnel security: Ensures people who manage sensitive systems and data are protected from cybercriminals who may target them

Source: NIST SP 800-53
