Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services’ new cybersecurity regulation, 23 NYCRR 500.
Banks, insurers, and other financial services organizations in New York state have until tomorrow to file for their first annual certification of compliance with 23 NYCRR 500, the New York State Department of Financial Services' historic cybersecurity regulation.
The law officially went into effect March 2017; covered entities must be in compliance with the bulk of the regulation by March 1. This includes sections 500.04(b), 500.05, 500.09, 500.12, and 500.14(b) of the law, which mandate risk assessments, vulnerability assessments, penetration testing, multi-factor authentication, and end-user awareness training.
Enforcement for the law's security incident reporting rule went into effect in August, requiring companies to report within 72 hours any event that has a "reasonable likelihood" of causing material harm to normal operations - a unique notification rule that goes beyond PII breaches to cover anything from intellectual property leaks to DDoSes.
The next compliance deadline - on rules for data use, data access, security personnel, and more - hits Sep. 18.
For more information, see here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024