us-state · 2017

New York Department of Financial Services Cybersecurity Regulation

23 NYCRR 500 is a prescriptive cybersecurity regulation for financial services companies licensed by the NY DFS. Amended in November 2023, it requires a CISO, annual penetration testing, MFA, encryption of nonpublic information, and 72-hour incident notification. The 2023 amendments added requirements for privileged access management, endpoint detection, and board governance.

Resumen editorial. Para el texto oficial, consulta la fuente oficial.

DecipherU no ofrece asesoría jurídica. Consulta abogado en tu jurisdicción para decisiones de cumplimiento.