Download NYSDFS’ Cybersecurity Rule 23 NYCRR 500 in XLS CSV

New York State Cybersecurity Regulation for Financial Services and Insurance Entities

The New York State Department of Financial Services (NYSDFS) has issued an updated version of its proposed Cybersecurity Requirements For Financial Services Companies, known as 23 NYCRR 500. These guidelines require banks, insurers and other financial services companies regulated by the NYDFS to set up a cybersecurity program aimed at protecting consumer information from being compromised or stolen.

The regulations require that companies ratify:

  • Controls relating to the framework for a strong cybersecurity plan, including requirements for a plan that is sufficiently funded, staffed and overseen by qualified management, and that is reported on periodically to the most senior governing body of the organization
  • Risk-based minimum standards for technology systems including access controls, data protection, encryption and penetration testing
  • Mandatory minimum standards to address any cyber breaches, including: an incident response plan, protection of data to respond to breaches, and informing the Department of Financial Services (DFS) of material events
  • Accountability by demanding identification and documentation of material insufficiencies, remediation plans and annual certifications to the DFS

Download the New York 23 NYCRR 500 Security Controls

Are you prepared for the upcoming NY cybersecurity regulations? Download the control data and find out.

Download from
We’ve moved! We now have a new site dedicated to providing free control framework downloads. You can even create your own customized control mapping.
Check us out at
