23 NYCRR 500: Legislation Specific to New York State
State Regulations for the Cyber Security of Financial Institutions
This is a law specific to businesses operating in the State of New York, adopted March 1, 2017, to protect the state from cyber-attacks. The regulation requires banks, insurance companies, and other financial institutions regulated by the State Department of Financial Services to establish and maintain a cyber security program.
Where Can Financial Institutions in New York State Begin?
You’ll want to visit the New York State page on 23 NYCRR 500. Additionally, you will want to become familiar with the requirements of this regulation, which include:
Maintaining a cyber security program
Implementing and maintaining a written cyber security policy
Designating a chief information security officer (CISO)
Limiting user access privileges around nonpublic information
Utilizing and training cyber security personnel
Establishing a written incident response plan
Sending notices to the superintendent upon an incident and annually by Feb. 15
The next deadline is March 1, 2018. By this time, your business will need to have met the following criteria in order to achieve regulation compliance:
CISO annual reporting
Annual Penetration Testing
Bi-annual Vulnerability Assessments
Periodic Risk Assessments
Regular Cybersecurity Awareness Training
How Can Dox Help Your Business with Regulatory Compliance?
In addition to conducting security assessments and pen testing, Dox has security solutions to assist your business in closing any gaps, securing your network and data, and getting you 23 NYCRR 500 compliant. We even offer cybersecurity awareness training, CISO services, and annual reporting so we can fill that role for your organization on a schedule that meets your needs and fits your budget.
The Final Result of Partnering with Dox Electronics
Our experts deliver results for your business from a complete analysis against the 23 NYCRR 500 requirements. We can explain whether your company earned a pass or fail rating for each requirement, based on the associated controls your organization currently has in place. This becomes a “to-do list” for your business to work through toward compliance before the March 1, 2018, deadline.
No need to worry or feel overwhelmed. Dox also provides outstanding professional services to achieve complete compliance before the deadline.
What Happens If You Don’t Meet the Deadline?
Businesses that fail to meet the deadline may face loss of business and reputation as well as fines.
The Clock is Already Ticking on Regulation Compliance
March is just a few months away, so if you need help conducting an assessment of your business security or meeting the requirements of 23 NYCRR 500 before March 1, 2018, please contact us and we'll reach out as soon as possible!