New York State Department of Financial Services Cybersecurity Regulation
E159469
The New York State Department of Financial Services Cybersecurity Regulation is a pioneering set of cybersecurity requirements for financial institutions operating in New York, mandating robust risk-based programs, incident reporting, and governance to protect consumers and the financial system from cyber threats.
All labels observed (2)
| Label | Occurrences |
|---|---|
| NYDFS Cybersecurity Regulation | 1 |
| New York State Department of Financial Services Cybersecurity Regulation canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1393865 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: New York State Department of Financial Services Cybersecurity Regulation Context triple: [New York State Department of Financial Services, issuesRegulation, New York State Department of Financial Services Cybersecurity Regulation]
-
A.
Cybersecurity Information Sharing Act of 2015
The Cybersecurity Information Sharing Act of 2015 is a U.S. federal law that facilitates the sharing of cyber threat information between private companies and the government to improve national cybersecurity while addressing privacy and civil liberties concerns.
-
B.
National Cybersecurity Protection System
The National Cybersecurity Protection System is a U.S. federal program that provides intrusion detection, prevention, and other security capabilities to help protect government networks from cyber threats.
-
C.
New York State Department of Financial Services
The New York State Department of Financial Services is the state regulatory agency responsible for overseeing and supervising financial institutions and insurance companies operating in New York.
-
D.
Cybersecurity and Infrastructure Security Agency Act of 2018
The Cybersecurity and Infrastructure Security Agency Act of 2018 is a U.S. federal law that formally established the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security to lead national efforts to protect critical infrastructure from cyber and physical threats.
-
E.
Federal Information Security Modernization Act of 2014
The Federal Information Security Modernization Act of 2014 is a U.S. law that updates and strengthens federal government information security practices by clarifying agency responsibilities, enhancing oversight, and modernizing the framework for protecting federal information systems.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: New York State Department of Financial Services Cybersecurity Regulation Target entity description: The New York State Department of Financial Services Cybersecurity Regulation is a pioneering set of cybersecurity requirements for financial institutions operating in New York, mandating robust risk-based programs, incident reporting, and governance to protect consumers and the financial system from cyber threats.
-
A.
Cybersecurity Information Sharing Act of 2015
The Cybersecurity Information Sharing Act of 2015 is a U.S. federal law that facilitates the sharing of cyber threat information between private companies and the government to improve national cybersecurity while addressing privacy and civil liberties concerns.
-
B.
National Cybersecurity Protection System
The National Cybersecurity Protection System is a U.S. federal program that provides intrusion detection, prevention, and other security capabilities to help protect government networks from cyber threats.
-
C.
New York State Department of Financial Services
The New York State Department of Financial Services is the state regulatory agency responsible for overseeing and supervising financial institutions and insurance companies operating in New York.
-
D.
Cybersecurity and Infrastructure Security Agency Act of 2018
The Cybersecurity and Infrastructure Security Agency Act of 2018 is a U.S. federal law that formally established the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security to lead national efforts to protect critical infrastructure from cyber and physical threats.
-
E.
Federal Information Security Modernization Act of 2014
The Federal Information Security Modernization Act of 2014 is a U.S. law that updates and strengthens federal government information security practices by clarifying agency responsibilities, enhancing oversight, and modernizing the framework for protecting federal information systems.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
New York State regulation
ⓘ
cybersecurity regulation ⓘ financial regulation ⓘ |
| alsoKnownAs |
23 NYCRR 500
ⓘ
New York State Department of Financial Services Cybersecurity Regulation ⓘ
surface form:
NYDFS Cybersecurity Regulation
|
| appliesTo |
banks operating under New York law
ⓘ
financial institutions licensed by the New York State Department of Financial Services ⓘ insurance companies regulated by NYDFS ⓘ money transmitters regulated by NYDFS ⓘ virtual currency businesses licensed by NYDFS ⓘ |
| approach | risk-based cybersecurity requirements ⓘ |
| containsExemptions | limited exemptions for small covered entities ⓘ |
| effectiveDate | March 1, 2017 ⓘ |
| enforcementBy | New York State Department of Financial Services ⓘ |
| focusesOn |
operational resilience against cyber attacks
ⓘ
protection of nonpublic information ⓘ |
| geographicScope | New York but can apply extraterritorially to covered entities with New York licenses ⓘ |
| governanceRequirement |
board of directors or equivalent oversight of cybersecurity program
ⓘ
periodic reporting by the Chief Information Security Officer to the board or senior management ⓘ |
| incidentNotificationDeadline | 72 hours from determination of a qualifying cybersecurity event ⓘ |
| influenced | other U.S. state-level cybersecurity regulations for financial institutions ⓘ |
| jurisdiction |
U.S. state of New York
ⓘ
surface form:
State of New York
|
| legalCitation | Title 23 of the New York Codes, Rules and Regulations Part 500 ⓘ |
| nonComplianceConsequences |
civil monetary penalties
ⓘ
regulatory enforcement actions by NYDFS ⓘ |
| purpose |
to protect consumers from cyber threats
ⓘ
to protect the safety and soundness of the financial system ⓘ |
| regulator | New York State Department of Financial Services ⓘ |
| requires |
access controls based on least privilege
ⓘ
annual certification of compliance by the board or a senior officer ⓘ audit trail systems for certain financial transactions and security events ⓘ cybersecurity awareness training for personnel ⓘ data retention and secure disposal policies ⓘ designation of a Chief Information Security Officer ⓘ encryption of nonpublic information in transit and at rest or compensating controls ⓘ incident response plan ⓘ monitoring and logging of network activity ⓘ multi-factor authentication ⓘ notification to NYDFS of certain cybersecurity events ⓘ penetration testing and vulnerability assessments ⓘ periodic cybersecurity risk assessments ⓘ periodic review and update of cybersecurity policies and procedures ⓘ policies for secure use of portable devices ⓘ risk-based cybersecurity program ⓘ secure application development practices ⓘ third-party service provider security policies ⓘ written cybersecurity policy ⓘ |
| sector | financial services ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: New York State Department of Financial Services Cybersecurity Regulation Description of subject: The New York State Department of Financial Services Cybersecurity Regulation is a pioneering set of cybersecurity requirements for financial institutions operating in New York, mandating robust risk-based programs, incident reporting, and governance to protect consumers and the financial system from cyber threats.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.