NYS DFS 23 NYCRR
The Department of Financial Services established cybersecurity requirements for financial services. These requirements are set out in 23 NYCRR 500, and its sections take effect at different times. The first section, 500.09, will be implemented on 03/01/2018 and will require financial services to obtain risk assessment reports in relation to the Cybersecurity Triad: Confidentiality, Integrity, and Availability. Financial services will need documentation as proof of compliance, which will include a risk assessment report, a remediation plan, and records of required meetings and activities related to cyber risk.
More detailed information regarding 23 NYCRR 500 compliance:
NYS DFS Information
HIPAA Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) requires organizations in the health care industry to comply with the HIPAA Security Rule to ensure that the Cybersecurity Triad (CIA) is applied to protect electronic health information. Organizations must align their security program to the NIST Cybersecurity Framework or the HIPAA Security Rule in order to identify potential vulnerabilities in their technical security. Organizations need to prepare for these five cybersecurity functions: Identify, Protect, Detect, Respond, and Recover.
More detailed information regarding the HIPAA Cybersecurity Guidance:
HIPAA Compliance Information