New York Codes, Rules and Regulations
Title 23 - FINANCIAL SERVICES
Chapter I - Regulations of the Superintendent of Financial Services
Part 500 - CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
Section 500.8 - Application Security

Current through Register Vol. 45, No. 52, December 27, 2023

(a) Each Covered Entity's cybersecurity program shall include written procedures, guidelines and standards designed to ensure the use of secure development practices for in-house developed applications utilized by the Covered Entity, and procedures for evaluating, assessing or testing the security of externally developed applications utilized by the Covered Entity within the context of the Covered Entity's technology environment.

(b) All such procedures, guidelines and standards shall be reviewed, assessed and updated as necessary by the CISO (or a qualified designee) of the covered entity at least annually.

Adopted, New York State Register March 1, 2017/Volume XXXIX, Issue 09, eff. 3/1/2017

Amended New York State Register November 1, 2023/Volume XLV, Issue 44, eff. 11/1/2023

Disclaimer: These regulations may not be the most recent version. New York may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.