NY DFS 23 NYCRR 500 Compliance

What is the New York Cybersecurity Regulation?

23 NYCRR Part 500 Financial Services Law The Department of Financial Services, (DFS), has broad authority to take appropriate actions to ensure providers of financial products and services to NY consumers remain solvent, protect consumers, and act reasonably to protect against financial fraud, criminal abuse, and unethical conduct.  With Cybercrime on the rise, the DFS proposed new Cybersecurity Requirements for Financial Services Companies, which are designed to ensure safe and sound operations of Financial Providers, and protect New York’s consumers. Covered entities include but are not limited to, Banks, Lenders, Insurance Companies.  To see if your classification of business is affected, click here.

The proposed rule specifically requires what each supervised entity needs to do. This includes the following:

  • Establish a Cybersecurity Program
  • Maintain written Cybersecurity Policies
  • Follow Data Governance and Classification practices
  • Annual Penetration Testing
  • Quarterly Vulnerability Assessments
  • Institution of Log Management
  • Implementation of Access Controls based on “Least Privilege”
  • Development of an Application Security Practice for internally developed applications
  • Annual Risk Assessment
  • Employ Cybersecurity professionals to manage your risks
  • Launch a Third Party Information Security Policy and Risk Management Program
  • Configure Multi-Factor Authentication
  • Implement Record Retention Policies and Procedures
  • Provide Security Awareness Training
  • Institute Data Encryption for data in transit or stored
  • Develop and test a security Incident Response Plan
  • Report on a bi-annual basis to the company’s board or governing body on risks
  • Annually certify your compliance to the DFS

Your vision could be the next
disruptive change in your industry

Schedule a free 30-minute strategic session with our experts. Explore how we can bring your company to the cutting edge of digital innovation.

No, thanks. I’m satisfied with the status quo.

THE GRC FRAMEWORK MANAGEMENT PLATFORM

A JOB BOARD THAT HELPS ORGANIZATIONS

Whit a to create job descriptions and assess candidates. it will publish job post at linkedin, indeed, la pieza from one place

IS AN AI FOR STREAMING CREATORS

that automatically generates content for non-live platforms using facial emotion recognition.

A PLATFORM TO DELIVER SERVICE TO DOOR AND HELP SERVICE DELIVERS

like carpenters, maintenance guys, electricicias to manage accounts and book deliveries.

FINTECH PLATFORM TO INCENTIVE HELTY FINANCES AND INVESTMENT IN NON FINANCIAL SAVY PERSONS

ITS A PLATFORM TO MANAGE TASK FROM MULTIPLE SOURCES

What do you have in mind?