Download NYSDFS’ Cybersecurity Rule 23 NYCRR 500 in XLS CSV
- by secboxadmin
- in GRC
- posted February 19, 2017
New York State Cybersecurity Regulation for Financial Services and Insurance Entities
The New York State Department of Financial Services (NYSDFS) has issued an updated version of its proposed Cybersecurity Requirements For Financial Services Companies, known as 23 NYCRR 500. These guidelines require banks, insurers and other financial services companies regulated by the NYSDFS to set up a cybersecurity program aimed at protecting consumer information from being compromised or stolen.
The regulation requires companies to adopt:
- Controls relating to the framework for a strong cybersecurity plan, including requirements for a plan that is sufficiently funded, staffed and overseen by qualified management, and reported on periodically to the most senior governing body of the organization
- Risk-based minimum standards for technology systems including access controls, data protection, encryption and penetration testing
- Mandatory minimum standards to address any cyber breaches, including: an incident response plan, protection of data to respond to breaches, and informing the Department of Financial Services (DFS) of material events
- Accountability by demanding identification and documentation of material insufficiencies, remediation plans and annual certifications to the DFS
Download the New York 23 NYCRR 500 Security Controls
Are you prepared for the upcoming NY cybersecurity regulations? Download the control data and find out.
Download from SecurityCheckbox.com
We’ve moved! We now have a new site dedicated to providing free control framework downloads. You can even create your own customized control mapping.
Check us out at www.securitycheckbox.com