The New York Department of Financial Services (NY DFS) is taking steps to strengthen the cyber security foundation of all financial services organizations within the state of New York and those that do business with them. On March 1, 23 NYCRR 500 went into effect, setting guidelines for cyber security practices within New York's Financial Services Industry, including minimum standards for access control, breach remediation and the requirements for cybersecurity programs. The key date to keep in mind is September 1, 2017: that date marks the end of the 180-day period to comply with the guidelines set forth in 23 NYCRR 500.
"New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyber-attacks. These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber-crimes."
STEALTHbits can automate the reporting that accompanies every audit and put effective controls in place to ensure those reports have only the news you want your auditor to see.
To comply with 23 NYCRR 500, the Financial Services Industry in New York must put proper access controls in place, maintain an asset management program, establish data governance, and have software development practices. Alongside those requirements, there must be a third-party risk assessment, and entities must provide an annual certification of their compliance with the regulation beginning as early as Feb. 15, 2018.
STEALTHbits provides flexible workflows to control and remediate issues that may lead to compliance violations. Our solutions will identify the business owners of personal information, and allow them to run an access certification program to ensure data access and usage is in line with appropriate business needs. Our solutions can also monitor privileged users to ensure they are not using their rights to access sensitive data. All of these automated controls allow organizations to ensure that compliance guidelines are not circumvented.