AWA’s NYDFS Cybersecurity Services
The New York Department of Financial Services (NYDFS) has issued its long-awaited cybersecurity regulation which applies to all organizations operating within its jurisdiction. This includes entities with a license, registration, or charter, and others that fall within New York DFS regulations. It also applies to unregulated third-party service providers for regulated organizations.
AWA cybersecurity experts assist financial institutions in preparing their information security programs for NYDFS compliance. This includes setting up security policies and implementing practices that address data breach notifications, access control, disaster recovery, network security, data privacy controls, auditing, and risk assessments.
Since NYDFS cybersecurity requirements went into effect in 2019, financial institutions have been required to appoint a chief information security officer (CISO) and maintain complete cybersecurity policies and an incident response plan. Further, the NYDFS Framework outlines specific standards and procedures to help safeguard against a range of cyberattacks, including denial-of-service attacks, viruses, malware, phishing expeditions, and other disruptive threats.
What Are NYDFS Regulations?
NYDFS cybersecurity regulations are applicable to licensed entities operating within New York State, such as banks and lenders, cybersecurity firms, and technology companies providing financial services. NYDFS also regulates New York-based entities, even if they are not NYDFS licensed, and companies based out of state which do business in New York (e.g., money transmitters and virtual currency exchanges).
NYDFS is a high priority since it is the first financial regulator in the United States to regulate cybersecurity standards. Contact AWA to learn more about NYDFS cybersecurity services.
FAQs about NYDFS Cybersecurity Services
What is a covered entity under NYDFS?
According to the New York Department of Financial Services, a covered entity is defined as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law” for the purposes of the Cybersecurity Regulation.
What is required to comply with NYDFS Cybersecurity regulations?
Minimum compliance requirements for computer systems are based on risk mitigation, including penetration testing, access controls, and data encryption. Organizations must show that their security program is sufficiently funded, directed by a CISO (who may be a third-party service provider), and carried out by cybersecurity experts. They must also demonstrate that they have an incident response plan in place, with timely notification to the NYDFS and data preservation in case of major events and data breaches. NYDFS compliance also requires identification and documentation of vulnerabilities, corrective action plans, and yearly certifications of conformity.