NYS DFS 23 NYCRR 500 is a set of regulations from the NY Department of Financial Services that require compliance from all covered financial institutions. These rules help ensure that businesses effectively protect confidential client information from cyberattacks and unauthorized access. The regulation requires each covered entity to assess its specific risk profile and develop a program that addresses each of those risks.
23 NYCRR 500 Requirements
NYS DFS 23 NYCRR 500 requires all Covered Entities to be compliant with the following requirements:
1. Risk Assessment, Section 500.09 (3/1/18)
2. Third Party Service Provider Security Policy, Section 500.11 (3/1/19)
3. Limitations on Data Retention, Section 500.13 (9/1/18)
4. Notices to Superintendent, Section 500.17 (b-2/15/18)
5. Cybersecurity Program, Section 500.02 (8/28/17)
6. Cybersecurity Policy, Section 500.03 (8/28/17)
7. Access Privileges, Section 500.07 (8/28/17)
Under Section 500.19, some Covered Entities are exempt from the following requirements:
8. Chief Information Security Officer (CISO)/CISOaaS, Section 500.04 (b-3/1/18)
9. Continuous Monitoring or periodic Penetration Testing and Vulnerability Assessments, Section 500.05 (3/1/18)
10. Audit Trail, Section 500.06 (9/1/18)
11. Application Security, Section 500.08 (9/1/18)
12. Cybersecurity Personnel and Intelligence, Section 500.10 (8/28/17)
13. Multi-factor Authentication, Section 500.12 (3/1/18)
14. Training and Monitoring, Section 500.14 (b-3/1/18) (a-9/1/18)
15. Encryption of Nonpublic Information, Section 500.15 (9/1/18)
16. Incident Response Plan, Section 500.16 (8/28/17)