Title 23 of the New York Codes, Rules and Regulations Part 500
E626973
Title 23 of the New York Codes, Rules and Regulations Part 500 is a New York State Department of Financial Services regulation that sets mandatory cybersecurity requirements for covered financial institutions operating in the state.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Title 23 NYCRR Part 500 | 0 |
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf | New York State regulation; cybersecurity regulation; financial services regulation |
| abbreviation | 23 NYCRR 500 |
| appliesTo | banks regulated by the New York State Department of Financial Services; covered entities regulated by the New York State Department of Financial Services; insurance companies regulated by the New York State Department of Financial Services; licensed lenders regulated by the New York State Department of Financial Services; money transmitters regulated by the New York State Department of Financial Services; virtual currency businesses regulated by the New York State Department of Financial Services |
| complianceDate | 2018-03-01 |
| effectiveDate | 2017-03-01 |
| enforcedBy | New York State Department of Financial Services |
| geographicScope | operations involving New York State or New York residents |
| goal | improvement of cybersecurity posture of regulated financial institutions; protection of consumers’ nonpublic information |
| hasSection | 500.01 Definitions; 500.02 Cybersecurity Program; 500.03 Cybersecurity Policy; 500.04 Chief Information Security Officer; 500.05 Penetration Testing and Vulnerability Assessments; 500.06 Audit Trail; 500.07 Access Privileges; 500.09 Risk Assessment; 500.11 Third Party Service Provider Security Policy; 500.17 Notices to Superintendent |
| jurisdiction | New York State |
| legalBasis | New York Financial Services Law |
| regulator | New York State Department of Financial Services |
| regulatoryArea | data protection; information security; operational risk management |
| requires | access controls and identity management; annual certification of compliance; application security standards; audit trail systems; board or senior officer approval of the cybersecurity policy; cybersecurity awareness training for personnel; cybersecurity event reporting to the New York State Department of Financial Services; designation of a Chief Information Security Officer; encryption of nonpublic information in transit and at rest or use of compensating controls; implementation of cybersecurity controls based on risk assessment; incident response plan; maintenance of a cybersecurity program; maintenance of a written cybersecurity policy; multi-factor authentication or risk-based authentication; oversight of third-party service provider cybersecurity risk; penetration testing and vulnerability assessments; periodic risk assessments; secure disposal of nonpublic information |
| subject | cybersecurity requirements for financial institutions |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.
New York State Department of Financial Services Cybersecurity Regulation → legalCitation → Title 23 of the New York Codes, Rules and Regulations Part 500