NYDFS is an acronym for the New York Department of Financial Services. NYDFS established a set of cybersecurity requirements under the NYDFS Cybersecurity Regulation or 23 NYCRR Part 500. These requirements apply to financial services firms and compel them to create a cybersecurity program that addresses the following areas:

‍

• information security
• data governance and classification
• asset inventory and device management
• access controls and identity management
• business continuity and disaster recovery planning and resources
• systems operations and availability concerns
• systems and network security
• systems and network monitoring
• systems and application development and quality assurance
• physical security and environmental controls
• customer data privacy
• vendor and Third Party Service Provider management
• risk assessment
• incident response

‍