us-state · 2017

New York Department of Financial Services Cybersecurity Regulation

23 NYCRR 500 is a prescriptive cybersecurity regulation for financial services companies licensed by the NY DFS. Amended in November 2023, it requires a CISO, annual penetration testing, MFA, encryption of nonpublic information, and 72-hour incident notification. The 2023 amendments added requirements for privileged access management, endpoint detection, and board governance.

Resumo editorial. Para o texto oficial, consulte a fonte oficial.

A DecipherU não oferece consultoria jurídica. Consulte um advogado na sua jurisdição para decisões de compliance.