The NYDFS Cybersecurity regulation is relevant to all financial services, banking, and insurance organizations doing business in the state of New York that have 10 employees or more than $5 million in revenue.
If your organization falls into that category you should be aware of the NYDFS Cybersecurity Regulation phased implementation schedule. Each of these due dates define a specific set of milestones the organization should meet to be deemed compliant.
Key Due Dates
September 1, 2017, March 1, 2018, September 1, 2018, and March 1, 2019
Requirements of Note
In addition to the phased implementation schedule, the NYDFS Cybersecurity Regulation has a number of specific requirements organizations should be aware.
|Section 500.09||Requires a cybersecurity risk assessment that will drive overall program implementation|
|Section 500.05||Requires that a CISO report directly to the board (this can be a third party)|
|Section 500.02||Requires implementation a security program including required policies and procedures|
|Section 500.16||Requires an cybersecurity incident response plan|
|Section 500.17||Requires notices and submission to the superintendent|
|Section 500.XX||Other various technical requirements such as encryption, Two-Factor Authentication (2FA), Security Monitoring/Penetration Testing, Security Training, Data Retention|
If you would like more information on the NYDFS Cybersecurity Regulation implementation schedule and a breakdown of the entire regulation you can download our whitepaper below. The whitepaper includes a easy-to-read implementation roadmap and summary of each requirement outlined in the seventeen articles withing the regulation.