The NYDFS (New York State Department of Financial Services) has updated the cybersecurity FAQ for the 23 NYCRR 500 cybersecurity requirements. It now specifies that covered entities using outside agents for utilization review must treat those agents as third-party service providers.
All financial services companies that fall under NYDFS supervision are required to implement adequate information security measures. 23 NYCRR 500 is considered the first state regulation to address financial services cybersecurity. It imposed three deadlines for organizations that need to achieve compliance. Two deadlines have passed, and March 1, 2019 is the final deadline, at which point all requirements must be met.
Where is your organization on its NYDFS compliance journey?
The NYDFS doesn’t provide much information on exactly how organizations should comply with the legislation. Fortunately, most of its requirements align with the best practices described in ISO 27001, so organizations can use the Standard as a basis for their NYDFS Cybersecurity Requirements compliance project.
IT Governance is the one-stop shop for your ISO 27001 needs.
If you haven’t yet conducted a risk assessment in line with the Cybersecurity Requirements, you might be interested in vsRisk™. You will need to perform a risk assessment to meet many of the NYDFS’s requirements, and Vigilant Software’s tool helps simplify the process. It provides a simple and fast way to identify relevant threats and delivers repeatable, consistent assessments year after year.
vsRisk’s integrated risk, vulnerability, and threat database eliminates the need to compile a list of potential risks, and the built-in controls help you comply with multiple frameworks.
Is your organization #BreachReady?
Discover how to prepare for a data breach by visiting our #BreachReady page. We break the process down into six simple steps and recommend tools and services you can use to complete each task.