This is a law specific to businesses operating in the State of New York, adopted March 1, 2017, to protect the state from cyber-attacks. The regulation requires banks, insurance companies, and other financial institutions regulated by the State Department of Financial Services to establish and maintain a cyber security program.
Cyber Security for Organizations Accessing the DMF
Passed in December 2013, this is a federal regulation limiting access to and the content of the Social Security Administration’s Death Master File (DMF). The DMF includes the names, social security numbers, dates of birth, and dates of death for individuals who have died since 1936 in the United States. This regulation protects the information of those who have died in the last three years.
How Can Your Business Begin to Achieve DMF Compliance?
You’ll want to learn more about the federal DMF regulation. Any executive department or agency (such as municipalities or benefits providers including insurance companies and financial institutions) seeking access to the DMF must complete and submit a certification form to the National Technical Information Service (NTIS). They must also enter into a subscription agreement with NTIS for direct access to the Limited Access DMF.
Additionally, companies and organizations wishing continued access to the DMF must:
Have a certified person on staff who, in order to become certified, must submit a written attestation from an Accredited Conformity Assessment Body (an independent third party provider) that they have information security systems, facilities, and procedures in place to protect the information in the DMF.
Conduct an annual assessment of security systems, facilities, and procedures protecting the Limited Access DMF.
Employ an independent third party provider to conduct periodic scheduled and unscheduled audits of certified persons on behalf of NTIS, ensuring proper safeguards against unauthorized access and use of DMF information.
Adhere to NTIS Publication 100, which provides guidance for these safeguards. Its requirements are based on NIST SP 800-53 Revision 4 and closely resemble DFARS requirements.
Demonstrate annual compliance in order to retain certification and access to the DMF.
How Dox Assists Your Business with Regulation Compliance
In addition to conducting annual security assessments and pen testing, Dox has security solutions to assist your business in closing any gaps, securing your network and data, and getting you DMF compliant. We are an independent third party that can attest to your information security systems, facilities, and procedures to protect the information in the DMF. Our experts can also perform scheduled and unscheduled audits and will recommend cyber security improvements to ensure DMF regulation compliance.
The Final Result of Partnering with Dox Electronics
Our experts deliver the results of a complete analysis of your business against the DMF requirements. We can explain whether your company earned a pass or fail rating for each requirement, based on the associated controls your organization currently has in place. This becomes a “to-do list” for your business to work through toward compliance before the annual deadline.
No need to worry or feel overwhelmed. Dox also provides outstanding professional services to achieve complete compliance before the deadline.
What Happens If You Don’t Meet the Deadline?
Businesses that fail to meet the deadline may face loss of certification, revocation of access to the DMF, and fines.
The Clock is Already Ticking on Regulation Compliance
Annual regulatory compliance is required for access to the DMF. If you need help conducting a security assessment or an audit of your business security to meet the DMF requirements, please contact us and we'll reach out as soon as possible.