NYDFS Cybersecurity Regulation

NYDFS is an acronym for the New York Department of Financial Services. NYDFS established a set of cybersecurity requirements under the NYDFS Cybersecurity Regulation, also known as 23 NYCRR Part 500. These requirements apply to financial services firms and compel them to create a cybersecurity program that addresses the following areas:

  • information security
  • data governance and classification
  • asset inventory and device management
  • access controls and identity management
  • business continuity and disaster recovery planning and resources
  • systems operations and availability concerns
  • systems and network security
  • systems and network monitoring
  • systems and application development and quality assurance
  • physical security and environmental controls
  • customer data privacy
  • vendor and Third Party Service Provider management
  • risk assessment
  • incident response