23 NYCRR 500
E626972
23 NYCRR 500 is a New York State Department of Financial Services regulation that sets mandatory cybersecurity requirements for financial institutions and related entities operating under its jurisdiction.
All labels observed (1)
| Label | Occurrences |
|---|---|
| 23 NYCRR 500 canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T6899914 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: 23 NYCRR 500 Context triple: [New York State Department of Financial Services Cybersecurity Regulation, alsoKnownAs, 23 NYCRR 500]
-
A.
New York City Health Code
The New York City Health Code is a comprehensive set of local public health regulations that governs issues such as sanitation, disease control, food safety, and environmental health within New York City.
-
B.
New York Civil Service Law
New York Civil Service Law is a body of state statutes that governs the organization, appointment, promotion, and discipline of public employees in New York’s civil service system.
-
C.
New York City Administrative Code
The New York City Administrative Code is the codified body of local laws and regulations governing New York City’s municipal operations, public conduct, and regulatory frameworks.
-
D.
New York Civil Practice Law and Rules
The New York Civil Practice Law and Rules is the primary statutory framework that governs civil litigation procedure in New York State courts, including rules on jurisdiction, pleadings, motions, discovery, and trials.
-
E.
New York Municipal Home Rule Law
The New York Municipal Home Rule Law is a New York State statute that grants and regulates the powers of local governments to adopt and amend their own laws and charters on local matters.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: 23 NYCRR 500 Target entity description: 23 NYCRR 500 is a New York State Department of Financial Services regulation that sets mandatory cybersecurity requirements for financial institutions and related entities operating under its jurisdiction.
-
A.
New York City Health Code
The New York City Health Code is a comprehensive set of local public health regulations that governs issues such as sanitation, disease control, food safety, and environmental health within New York City.
-
B.
New York Civil Service Law
New York Civil Service Law is a body of state statutes that governs the organization, appointment, promotion, and discipline of public employees in New York’s civil service system.
-
C.
New York City Administrative Code
The New York City Administrative Code is the codified body of local laws and regulations governing New York City’s municipal operations, public conduct, and regulatory frameworks.
-
D.
New York Civil Practice Law and Rules
The New York Civil Practice Law and Rules is the primary statutory framework that governs civil litigation procedure in New York State courts, including rules on jurisdiction, pleadings, motions, discovery, and trials.
-
E.
New York Municipal Home Rule Law
The New York Municipal Home Rule Law is a New York State statute that grants and regulates the powers of local governments to adopt and amend their own laws and charters on local matters.
- F. None of above. chosen
Statements (52)
| Predicate | Object |
|---|---|
| instanceOf |
New York State regulation
ⓘ
cybersecurity regulation ⓘ |
| appliesTo |
financial institutions regulated by the New York State Department of Financial Services
ⓘ
insurance companies regulated by the New York State Department of Financial Services ⓘ licensed lenders regulated by the New York State Department of Financial Services ⓘ money transmitters regulated by the New York State Department of Financial Services ⓘ mortgage bankers and mortgage brokers regulated by the New York State Department of Financial Services ⓘ virtual currency businesses regulated by the New York State Department of Financial Services ⓘ |
| contains |
Section 500.01 Definitions
ⓘ
Section 500.02 Cybersecurity Program ⓘ Section 500.03 Cybersecurity Policy ⓘ Section 500.04 Chief Information Security Officer ⓘ Section 500.05 Penetration Testing and Vulnerability Assessments ⓘ Section 500.06 Audit Trail ⓘ Section 500.07 Access Privileges ⓘ Section 500.08 Application Security ⓘ Section 500.09 Risk Assessment ⓘ Section 500.10 Cybersecurity Personnel and Intelligence ⓘ Section 500.11 Third Party Service Provider Security Policy NERFINISHED ⓘ Section 500.12 Multi-Factor Authentication ⓘ Section 500.13 Limitations on Data Retention ⓘ Section 500.14 Training and Monitoring ⓘ Section 500.15 Encryption of Nonpublic Information ⓘ Section 500.16 Incident Response Plan ⓘ Section 500.17 Notices to Superintendent ⓘ Section 500.17(c) Annual Certification of Compliance ⓘ |
| enforcedBy | New York State Department of Financial Services NERFINISHED ⓘ |
| geographicScope | State of New York NERFINISHED ⓘ |
| goal |
to protect consumers from the consequences of cybersecurity incidents
ⓘ
to strengthen cybersecurity practices of regulated financial entities ⓘ |
| jurisdiction | New York State Department of Financial Services NERFINISHED ⓘ |
| legalBasis | New York Financial Services Law NERFINISHED ⓘ |
| regulator | New York State Department of Financial Services NERFINISHED ⓘ |
| requires |
annual certification of compliance to the New York State Department of Financial Services
ⓘ
board of directors or senior officer approval of cybersecurity policies ⓘ cybersecurity awareness training for personnel ⓘ cybersecurity event logging and monitoring ⓘ designation of a Chief Information Security Officer ⓘ encryption of nonpublic information in transit and at rest, or use of compensating controls ⓘ incident response plan ⓘ limitations on data retention and secure disposal of nonpublic information ⓘ multi-factor authentication ⓘ notification to the New York State Department of Financial Services of certain cybersecurity events ⓘ penetration testing and vulnerability assessments ⓘ periodic risk assessments ⓘ risk-based cybersecurity program ⓘ third-party service provider security policies ⓘ written cybersecurity policy ⓘ |
| sector | financial services ⓘ |
| subjectMatter |
cybersecurity requirements
ⓘ
information security ⓘ protection of nonpublic information ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: 23 NYCRR 500 Description of subject: 23 NYCRR 500 is a New York State Department of Financial Services regulation that sets mandatory cybersecurity requirements for financial institutions and related entities operating under its jurisdiction.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.