New York Codes, Rules and Regulations
Title 23 - FINANCIAL SERVICES
Chapter I - Regulations of the Superintendent of Financial Services
Part 500 - CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
Section 500.3 - Cybersecurity policy

Current through Register Vol. 46, No. 39, September 25, 2024

Each covered entity shall implement and maintain a written policy or policies, approved at least annually by a senior officer or the covered entity's senior governing body for the protection of its information systems and nonpublic information stored on those information systems. Procedures shall be developed, documented and implemented in accordance with the written policy or policies. The cybersecurity policy or policies and procedures shall be based on the covered entity's risk assessment and address, at a minimum, the following areas to the extent applicable to the covered entity's operations:

(a) information security;

(b) data governance, classification and retention;

(c) asset inventory, device management and end of life management;

(d) access controls, including remote access and identity management;

(e) business continuity and disaster recovery planning and resources;

(f) systems operations and availability concerns;

(g) systems and network security and monitoring;

(h) security awareness and training;

(i) systems and application security and development and quality assurance;

(j) physical security and environmental controls;

(k) customer data privacy;

(l) vendor and third-party service provider management;

(m) risk assessment;

(n) incident response and notification; and

(o) vulnerability management.
