| 1 minute read

NYDFS Amendment to Cybersecurity Regulation

nys dfs seal

Avalon Cyber previously reported on proposed changes that may have a significant impact on the current 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500) released by the New York State Department of Financial Services (NYSDFS). 

Part 500, a regulation establishing cybersecurity requirements for financial services companies, was declared by the Superintendent of Financial Services, and has been in place since March 2017.

Since adoption, the cybersecurity landscape has changed, and attacks have become more sophisticated and more expensive. There are many additional controls to help mitigate these threats that should be implemented by organizations to help protect themselves and, as such, on November 1, 2023, Part 500 was amended to help align with these changes and push for better security for financial services companies.

Please go to https://www.dfs.ny.gov/industry_guidance/cybersecurity for more information on the updates and related resources including available training sessions and implementation timelines for small businesses, Class A businesses, and covered entities.

Avalon Cyber can assist your organization with staying or becoming compliant through many of our services, including vCISO, vendor management, policy creation, and risk assessment.

CONTACT US

Blog Articles

New York Department of Financial Services (NYDFS) Amendments Effective November 2024

As covered in our previous article, the New York Department of Financial Services (NYDFS) updated its Cybersecurity Regulation in 2023. To help entities roll out the changes and new requirements, they have provided phased timelines for when these items must be implemented by.

Risks Lurking in the “Shadows”: Shadow IT and Shadow AI

You may have heard the saying: “Change is the only constant in life.” This is certainly true of the information technology industry, which in turn, has a ripple effect on the technology, services, risk, and regulatory requirements that impact your organization and its environment.

Focusing In On the New “Govern” Function in NIST CSF 2.0

In February 2024, the National Institute of Standards and Technology (NIST) released Version 2.0 of the Cybersecurity Framework (CSF or the Framework) which is the first significant update to the Framework since 2014 when it was first created.

Vector

About Us

Curabitur tincidunt eros sed magna dignissim semper. Sed bibendum tincidunt mauris, at auctor nisi. Mauris sed urna orci. Sed posuere justo odio, vel rhoncus neque sodales sed. Etiam ornare iaculis leo, et tincidunt neque vulputate at.