
NYSDFS Cybersecurity 500 Compliance and Assessment Guide Excel Free Download

What is NYSDFS?

The New York State Department of Financial Services (NYSDFS) is the department responsible for regulating financial services and products for the New York State government. This includes the services subject to New York insurance, banking and financial services laws.

Key Processes

On August 28, 2017, NYSDFS Covered Entities had to comply with the following requirements:

~ A Cybersecurity Program must be maintained
~ A Cybersecurity Policy must be drafted and implemented
~ A Chief Information Security Officer must be designated
~ Access Privileges must be limited
~ Cybersecurity Personnel must be engaged, trained and updated
~ Incident Response Plan must be drafted and established
~ Notices to the Superintendent of certain cybersecurity incidents will be required

Coming in 2018

The First Annual Compliance Certificate.

On February 15, 2018, a significant requirement of the Regulation will begin. A Senior Officer or the Board of Directors must certify that the Covered Entity is in compliance with all applicable requirements of the Regulation. The person or people making the certification, which will be submitted electronically on a prescribed form, will need to be identified. They will additionally need to be able to show that the certificate is truthful, so this requirement should be part of the planning and not left until the deadline.

By the next transition date of March 1, 2018, each Covered Entity will need to have completed its first periodic risk assessment under written policies and procedures, and document its findings. Additionally, these Entities must meet the following requirements of the Regulation:

~ First annual requirement for CISO’s report to the Board
~ Continuous monitoring or periodic penetration testing and vulnerability assessments
~ Multi-factor authentication or risk-based authentication
~ Cybersecurity awareness training for all personnel.

Most of the remaining requirements of the Regulation must be completed by September 3, 2018, except the requirement to draft and implement written policies and procedures to manage the security risk presented by third-party service providers, for which the transition date is March 1, 2019. By September 3, 2018, Covered Entities must draft and implement policies and procedures limiting the retention of certain data and providing for its secure disposal. Covered Entities must complete the following by September 3, 2018:

~ Establish and document an audit trail, one that can recreate material financial transactions and detect and respond to certain cybersecurity events
~ Draft and implement policies for security of applications used within the tech environment
~ Monitor activities of authorized users
~ Satisfy encryption requirements.


NYSDFS Risk Assessment and Gap Assessment

As part of NYSDFS, your organization is required to have a formal risk assessment from a qualified third-party firm. Our comprehensive assessments are designed to help you prepare for your NYSDFS audit, and our patented risk management methodology will save your company time and money by creating a customized control framework mapping designed specifically for your organization.

>> Contact us for more information.

NYSDFS Penetration Test

NightLion Security provides the advanced penetration testing services for web applications, databases and internal infrastructure needed to protect your sensitive cardholder data and comply with NYSDFS.

>> Contact us for more information.

NYSDFS Compliance Guide in XLS / CSV format

Download from SecurityCheckbox.com

We’ve moved! We now have a new site dedicated to providing free control framework downloads. You can even create your own customized control mapping.

Check us out at www.securitycheckbox.com