This website uses cookies. View our cookie policy
Select regional store:

NYDFS cybersecurity requirements

The Cybersecurity Requirements for Financial Services Companies released by New York State’s Department of Financial Services (NYDFS) came into effect on March 1, 2017. All financial services companies that fall under NYDFS supervision are required to implement security measures in order to protect themselves against cyber attacks.


The multi-faceted Regulation – 23 NYCRR 500

Among many provisions, the Regulation requires organizations to:

  • Maintain a cybersecurity policy and program
  • Appoint a CISO
  • Limit access privileges and periodically review these privileges
  • Implement risk assessment controls and an incident response plan
  • Use qualified cybersecurity personnel
  • Establish a written cybersecurity incident response plan


Challenging deadlines

The proposal has a number of different compliance deadlines, with timelines ranging from six months to two years. Written documentation must be submitted to the Superintendent of Financial Services by February 2018, certifying that the organization meets the requirements.

In the event of a cyber attack or a breach, the organization must report the incident to the Superintendent within 72 hours.


Taking the right measures for compliance

Implementation could be challenging for organizations as there are many requirements and different timelines for each of them. Taking the right steps now to plan your cybersecurity program and align it with your business objectives is essential.

Meet requirements and deadlines with ISO 27001, the international standard for information security.

ISO 27001 is a best-practice solution that will ensure you meet the NYDFS Cybersecurity Requirements. This international standard provides an ISMS (information security management system) framework that can be used to meet the Regulation’s requirements, protect and monitor information, and follow a continual improvement approach that allows the organization to keep up with evolving threats.

Learn more about ISO 27001 and the NYDFS Cybersecurity Requirements >>


Free green paper on the NYDFS Cybersecurity Requirements and ISO 27001

If would like more information on the benefits of implementing the international standard ISO 27001 with the NYDFS Regulation, we recommend you download our free green paper, NYDFS Cybersecurity Requirements – Part 1: The Regulation and the ISO 27001 standard.

Simply click on the green paper below and we will email you a copy.


How IT Governance can help

IT Governance can help you gain the skills and tools to implement the ISO 27001 standard alongside the Regulation. We offer products tailored to NYDFS requirements. Find out more here >>