The 18-month transitional period for compliance with sections 500.06 (Audit Trail), 500.08 (Application Security), 500.13 (Limitations on Data Retention), 500.14(a) (Training and Monitoring), and 500.15 (Encryption of Nonpublic Information) of the NYDFS Cybersecurity Requirements has ended. There is still time to comply if your organization has not done so. March 1, 2019 marks the end of the two-year transitional period for the Regulation.
Compliance with all sections of 500.11 (Third Party Service Provider Security Policy) is required by the final deadline.
Requirements remaining after the previous two transitional periods are under sections:
- 500.02 Cybersecurity Program
- 500.03 Cybersecurity Policy
- 500.04b Reporting of the Chief Information Security Officer
- 500.07 Access Privileges
- 500.10 Cybersecurity Personnel and Intelligence
- 500.11 Third Party Service Provider Security Policy
- 500.16 Incident Response Plan
- 500.17 Notices to Superintendent
- 500.18 Confidentiality
It’s not too late to begin your compliance journey
The NYDFS doesn’t provide much information on exactly how organizations should comply with the legislation. Fortunately, most of its requirements align with the best practices described in ISO 27001, so organizations can use the Standard as a basis for their NYDFS Cybersecurity Requirements compliance project.
If you haven’t yet conducted a risk assessment in line with the Cybersecurity Requirements, you might be interested in vsRisk™. You will need to perform a risk assessment to meet many of the NYDFS’ requirements, and Vigilant Software’s tool helps simplify the process. It provides a simple and fast way to identify relevant threats, and delivers repeatable, consistent assessments year after year.
vsRisk’s integrated risk, vulnerability, and threat database eliminate the need to compile a list of potential risks, and the built-in controls help you comply with multiple frameworks.
Is your organization #BreachReady?
To help your organization become #BreachReady this summer, IT Governance USA is offering up to 20% off all sorts of solutions to prevent or mitigate the effect of data breaches.