This is the third part of a 3-part instructional series from 24By7Security on the New York State Cybersecurity Regulations.
This 3-part instructional series addresses requirements that the New York Department of Financial Services (NYDFS) introduced as NY CRR 500 (Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations). There are 23 sections, 15 of which specifically deal with Cybersecurity requirements.
Any entity subject to the Banking, Insurance and/or Financial Services laws in New York State is considered a covered entity for the purpose of compliance with NY CRR 500.
Some key definitions that are part of this regulation are:
There are 5 sections of the regulations that address the various Cybersecurity activities that covered entities should be doing as part of the implementation of this phase. The PDF available for download in this article shows what these sections entail.
Section 500.06 provides regulations on audit trails and retention requirements. Section 500.08 specifies application security requirements to be included in written policies, procedures and guidelines. It also addresses periodic review and revision of these policies and procedures. Section 500.13 talks about disposal of data. Section 500.14(a) discusses the need to monitor user activity and incident detection. Section 500.15 lays down rules related to encryption. Section 500.11, addressing 3rd party service provider security, is due on March 1, 2019. It addresses security controls to be put in place with vendors or 3rd party service providers who access the covered entity’s non-public information.
The New York Cybersecurity Regulations put forth by the Department of Financial Services are a comprehensive set of step-by-step requirements that assist covered entities in setting up and maintaining a strong Cybersecurity posture, which is essential in today’s world of constant cyber crime. We hope that you find this blog and our download useful as a guideline to help you get compliant, or even as a checklist to verify your current state. This is Part 3 of an instructional series brought to you by 24By7Security on compliance with the New York State (NYDFS) Cybersecurity Regulations NY CRR 500, covering items that should be complied with by September 1, 2018 and one section that should be complied with by March 1, 2019.