New York Codes, Rules and Regulations
Title 23 - FINANCIAL SERVICES
Chapter I - Regulations of the Superintendent of Financial Services
Part 500 - CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
Section 500.10 - Cybersecurity Personnel and Intelligence
Universal Citation: 23 NY Comp Codes Rules and Regs ยง 500.10
Current through Register Vol. 46, No. 39, September 25, 2024
(a) In addition to the requirements set forth in section 500.4(a) of this Part, each covered entity shall:
(1) utilize
qualified cybersecurity personnel of the covered entity, an affiliate or a
third-party service provider sufficient to manage the covered entity's
cybersecurity risks and to perform or oversee the performance of the core
cybersecurity functions specified in section
500.2(b)(1)-(6)
of this Part;
(2) provide
cybersecurity personnel with cybersecurity updates and training sufficient to
address relevant cybersecurity risks; and
(3) verify that key cybersecurity personnel
take steps to maintain current knowledge of changing cybersecurity threats and
countermeasures.
(b) A covered entity may choose to utilize an affiliate or qualified third-party service provider to assist in complying with the requirements set forth in this Part, subject to the requirements set forth in sections 500.4 and 500.11 of this Part.
Disclaimer: These regulations may not be the most recent version. New York may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.