In response to the increasing cybersecurity threat posed to information and financial systems, the New York State Department of Financial Services (DFS) has passed the State of New York’s Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). This law took effect on March 1, 2017 in an effort to protect customer information, as well as the IT systems of regulated entities. The adoption timeline for the specific requirements of the regulation continues throughout 2018 and 2019.
If you are a financial services organization licensed and/or regulated by the New York State DFS, you are now required to assess your specific security risk profile and design a program that addresses your organization’s risks, as well as file an annual certification that confirms you are in compliance with the regulations.
Download Solution Brief
The complete list of requirements can be found here, but here is a partial list: