In February 2017 the New York Department of Financial Services (NYDFS) released regulation 23 NYCRR 500, a new set of cybersecurity regulations for all covered financial institutions within the state. The regulation mandates that these organizations maintain a robust cybersecurity program, including written policies and procedures, risk assessments, penetration testing, vulnerability scanning, a designated Chief Information Security Officer (CISO), and user access controls, among other areas. The implementation phase has ended, and organizations are now required to be in full compliance or face fines and the potential revocation of operating licenses.
The NYDFS Cybersecurity Regulation applies to all entities operating under NYDFS licensure, registration, or charter, or which are otherwise DFS-regulated. Unregulated third-party service providers of regulated entities are also subject to this legislation. This includes banks, lenders, mortgage brokers, insurance companies, service providers, and similar entities. Organizations that meet any of the following criteria may be exempt from certain requirements:
Navigating the numerous requirements found within this legislation can be a challenge for any organization. Luckily, you don't have to go it alone! Compass IT Compliance offers NYDFS 23 NYCRR 500 services to assist organizations in identifying risks, internal control weaknesses, and gaps in controls against the regulation. We break down the probability and impact of individual risks and outline appropriate remediation strategies.
Let Compass IT Compliance assist your organization in assessing any risks present through our NYDFS 23 NYCRR 500 services so you can secure your cyber environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact us today to discuss your unique situation. Secure. Comply. Save.