We’re less than three months away from the end of the 180-day transition period of the New York Department of Financial Services’ (NYDFS) Cybersecurity Requirements.
By August 28, 2017, Covered Entities must meet the following requirements:
- Section 500.02: Maintain a documented, risk-based cybersecurity program.
- Section 500.03: Implement and maintain a cybersecurity policy.
- Section 500.04(a): Designate a chief information security officer.
- Section 500.10: Limit access privileges to information systems that provide access to nonpublic information, and periodically review these access privileges.
- Section 500.16: Establish a written cybersecurity incident response plan.
To help you get started with meeting these requirements, we’ve compiled a list of free resources:
NYDFS Frequently Asked Questions
The New York Department of Financial Services has created a webpage with answers to the most often asked questions on the Regulation’s requirements.
Cybersecurity assessment tool
The Federal Financial Institutions Examination Council (FFIEC) provides a free tool to help institutions identify their risks and determine their cybersecurity preparedness.
It provides a repeatable and measurable process that can help management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institutions.
Application security software tool
The Open Web Application Security Project (OWASP) offers “software tools and knowledge-based documentation on application security.”
OWASP is an open-source software security community that aims to help organizations conceive, develop, acquire, operate, and maintain applications that can be trusted. It also hosts a number of global, regional, and local events under its AppSec Conference banner.
Web application security information and statistics
The Web Application Security Consortium (WASC) produces open-source security standards for the World Wide Web.
The consortium, composed of an international group of experts, industry practitioners, and organizational representatives, aims to create an open forum for the discussion, education, and dissemination of web application security issues.
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the financial industry’s go-to resource for cyber and threat intelligence analysis and sharing. For both physical and cyber events, FS-ISAC alerts contain a description of the threat or vulnerability, its severity, and recommendations for solutions.
Similarly, the Multi-State Information Sharing & Analysis Center (MS-ISAC) is an industry forum “for collaboration on critical security threats facing the global financial services sector.” Partnering with the Department of Homeland Security, it provides alerts to current attacks and threats.
Creating a best-practice ISMS framework to achieve compliance
Lastly, IT Governance provides a host of resources to help your organization prepare for the NYDFS Cybersecurity Requirements.
The best place to start may be with our free two-part green paper, which shows you how the international standard ISO 27001 can be used as a framework to help meet the Regulation’s demands.
Download “NYDFS Cybersecurity Requirements – Part 1: The Regulation and the ISO 27001 standard” to learn how to simplify the implementation process with ISO 27001.
If you download this green paper, you will also receive “Part 2: Mapped Alignment with ISO 27001,” which shows you how ISO 27001 provides additional controls to strengthen your cybersecurity posture.