NYDFS Cybersecurity Requirements

By: 6clicks
The NYDFS provides regulatory minimum standards for financial services organisations located in New York.

This download includes Part 500 of Title 23 cyber security regulations developed by the New York State Department of Financial Services (“DFS”).

Effective March 1, 2017, the Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies (referred to below as “the Cybersecurity Regulation” or “Part 500”). The individuals and entities required to comply with the Cybersecurity Regulation include, but are not limited to, partnerships, corporations, branches, agencies, and associations operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law (referred to below as “Covered Entities”). The download includes sections 500.2 to 500.23 and their corresponding provisions.

They are:

  • 500.02 Cybersecurity Program
  • 500.04 Chief Information Security Officer
  • 500.05 Penetration Testing and Vulnerability Assessment
  • 500.06 Audit Trail
  • 500.07 Access Privileges
  • 500.08 Application Security
  • 500.09 Risk Assessment
  • 500.10 Cybersecurity Personnel and Intelligence
  • 500.11 Third Party Service Provider Security Policy
  • 500.12 Multi-Factor Authentication
  • 500.14 Training and Monitoring
  • 500.15 Encryption of Nonpublic Information
  • 500.16 Incident Response Plan
  • 500.17 Notices to Superintendent
  • 500.18 Confidentiality
  • 500.19 Exemptions
  • 500.20 Enforcement
  • 500.21 Effective Date
  • 500.22 Transition Periods
  • 500.23 Severability

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information

Jurisdiction: United States
Type: Laws or related obligations