23 NYCRR 500

23 NYCRR 500: Legislation Specific to New York State

State Regulations for the Cyber Security of Financial Institutions

This law, specific to businesses operating in the State of New York, was adopted March 1, 2017, to protect the state from cyber-attacks. The regulation requires banks, insurance companies, and other financial institutions regulated by the State Department of Financial Services to establish and maintain a cyber security program.
 

Where Can Financial Institutions in New York State Begin?

You’ll want to visit the New York State page on 23 NYCRR 500. Additionally, you will want to become familiar with the requirements of this regulation, which include:
  • Maintaining a cyber security program
  • Implementing and maintaining a written cyber security policy
  • Designating a chief information security officer (CISO)
  • Limiting user access privileges around nonpublic information
  • Utilizing and training cyber security personnel
  • Establishing a written incident response plan
  • Sending notices to the superintendent upon an incident and annually by Feb. 15

Each year, by April 15th, you must submit certification of compliance that your business met the following criteria:
  • CISO annual reporting
  • Annual Penetration Testing
  • Bi-annual Vulnerability Assessments
  • Periodic Risk Assessments
  • Multi-Factor Authentication
  • Regular Cybersecurity Awareness Training

How Can Dox Help Your Business with Regulatory Compliance?

In addition to conducting security assessments and pen testing, Dox has security solutions to assist your business in closing any gaps, securing your network and data, and getting you 23 NYCRR 500 compliant. We even offer cybersecurity awareness training, CISO services, and annual reporting so we can fill that role for your organization on a schedule that meets your needs and fits your budget.
 

The Final Result of Partnering with Dox Electronics

Our experts deliver your business's results from a complete analysis against the 23 NYCRR 500 requirements. We can explain whether your company earned a pass or fail rating for each requirement, based on the associated controls your organization currently has in place. This becomes a “to-do list” for your business to work through toward achieving 23 NYCRR 500 compliance.

No need to worry or feel overwhelmed. Dox also provides outstanding professional services for remediation so your business can achieve complete compliance quickly and easily.
 

What Happens If You Don’t Meet the Deadline?

Businesses that fail to meet the deadline may face loss of business and reputation as well as fines.

The Clock is Already Ticking on Regulation Compliance

If your business needs assistance with conducting a security assessment to ensure it's meeting the requirements of 23 NYCRR 500, please contact Dox and we'll reach out as soon as possible.
