23 NYCRR 500

E626972

23 NYCRR 500 is a New York State Department of Financial Services regulation that sets mandatory cybersecurity requirements for financial institutions and related entities operating under its jurisdiction.

All labels observed (1)

Label Occurrences
23 NYCRR 500 canonical 1

How this entity was disambiguated

Statements (52)

Predicate Object
instanceOf New York State regulation
cybersecurity regulation
appliesTo financial institutions regulated by the New York State Department of Financial Services
insurance companies regulated by the New York State Department of Financial Services
licensed lenders regulated by the New York State Department of Financial Services
money transmitters regulated by the New York State Department of Financial Services
mortgage bankers and mortgage brokers regulated by the New York State Department of Financial Services
virtual currency businesses regulated by the New York State Department of Financial Services
contains Section 500.01 Definitions
Section 500.02 Cybersecurity Program
Section 500.03 Cybersecurity Policy
Section 500.04 Chief Information Security Officer
Section 500.05 Penetration Testing and Vulnerability Assessments
Section 500.06 Audit Trail
Section 500.07 Access Privileges
Section 500.08 Application Security
Section 500.09 Risk Assessment
Section 500.10 Cybersecurity Personnel and Intelligence
Section 500.11 Third Party Service Provider Security Policy NERFINISHED
Section 500.12 Multi-Factor Authentication
Section 500.13 Limitations on Data Retention
Section 500.14 Training and Monitoring
Section 500.15 Encryption of Nonpublic Information
Section 500.16 Incident Response Plan
Section 500.17 Notices to Superintendent
Section 500.17(c) Annual Certification of Compliance
enforcedBy New York State Department of Financial Services NERFINISHED
geographicScope State of New York NERFINISHED
goal to protect consumers from the consequences of cybersecurity incidents
to strengthen cybersecurity practices of regulated financial entities
jurisdiction New York State Department of Financial Services NERFINISHED
legalBasis New York Financial Services Law NERFINISHED
regulator New York State Department of Financial Services NERFINISHED
requires annual certification of compliance to the New York State Department of Financial Services
board of directors or senior officer approval of cybersecurity policies
cybersecurity awareness training for personnel
cybersecurity event logging and monitoring
designation of a Chief Information Security Officer
encryption of nonpublic information in transit and at rest, or use of compensating controls
incident response plan
limitations on data retention and secure disposal of nonpublic information
multi-factor authentication
notification to the New York State Department of Financial Services of certain cybersecurity events
penetration testing and vulnerability assessments
periodic risk assessments
risk-based cybersecurity program
third-party service provider security policies
written cybersecurity policy
sector financial services
subjectMatter cybersecurity requirements
information security
protection of nonpublic information

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.