Cybersecurity Regulation
Description
23 NYCRR 500 is a regulation issued by the New York State Department of Financial Services (NYDFS) that establishes cybersecurity requirements for financial services companies operating under NYDFS jurisdiction. The regulation mandates that covered entities develop and maintain a robust cybersecurity program, implement a risk-based cybersecurity policy, conduct regular risk assessments, and establish incident response plans. It also requires the designation of a Chief Information Security Officer (CISO) and imposes specific reporting obligations for cybersecurity events.
Overview
23 NYCRR 500 mandates robust cybersecurity measures for financial services companies, ensuring they can protect against cyber threats.
Related Cybersecurity Frameworks
CC SRG
Cloud Computing Security Requirements Guide
Cybersecurity
Learn More
CCoP
Cloud Code of Practice
Cybersecurity
Learn More
CIS Controls
Center for Internet Security Controls
Cybersecurity
Learn More
CSA CCM
Cloud Controls Matrix
Cybersecurity
Learn More
Cyber Essentials
Cyber Essentials
Cybersecurity
Learn More
DORA
Digital Operational Resilience Act
Cybersecurity
Learn More