Skip to main content
NYDFS Cybersecurity Regulation (New York Department of Financial Services)

NYDFS Cybersecurity Regulation


NYDFS Cybersecurity Regulation (New York Department of Financial Services)

The NYDFS Cybersecurity Regulation (23 NYCRR 500) comprises a new set of New York Department of Financial Services rules imposing strict digital security requirements on financial institutions, such as banks, mortgage companies and insurance firms. Additionally, NYCRR applies to unregulated third parties working with regulated companies. Under NYCRR affected organizations must implement a detailed cybersecurity plan, articulate wide-ranging policies and establish/operate a cybersecurity incident reporting system. Released in February 2017, NYCRR mandates that each institution conduct a risk assessment and implement controls for effective detection of and response to cyber events. Cybersecurity programs must address five core functions established by the NIST Cybersecurity Framework:

  • Develop the organizational knowledge necessary to manage system, asset, data and capability risk
  • Deploy cybersecurity infrastructure necessary to defend against these threats
  • Implement technologies and processes necessary detect cybersecurity incidents
  • Implement necessary incident response protocols and procedures and act to mitigate security events
  • Take appropriate remediation steps to recover from security events

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.

Explore the Dictionary

Related Assets

March 21, 2019

Machine Learning: Key Adoption Cybersecurity Considerations

Learn how billions of dollars are being invested in ML for data analysis to improve decision-making or customer satisfaction.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

September 21, 2018

The Necessity of Enemy Perspectives: The Enemy Gets a Vote

The enemy gets a vote. The current Secretary of Defense and retired Marine Corps General James Mattis is fond of this observation. However, in many ar...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.