The NY DFS Cybersecurity Regulation (23 NYCRR Part 500) is in response to the growing sophistication of cybercriminals and the increasingly volatile cybersecurity climate facing US financial institutions. The goal is to protect sensitive customer data and promote the integrity of the information technology systems of regulated entities.
Under the new regulation, financial services entities must establish and maintain a “risk-based, holistic, and robust security program” that is designed to protect consumers’ private data.
iV4's Security Managed IT Solution includes the development of a Systems Security Plan cross-walking DFS cybersecurity regulatory requirements to The Center for Internet Security (CIS) 20 Critical Security Controls.
Download the document below to see how each DFS cybersecurity regulation requirement is satisfied by a component of iV4’s Security Managed IT Solution or an outside consulting function.
The NY DFS cybersecurity regulations are only the beginning of what will be a growing framework of rules, standards, and regulations surrounding cybersecurity.
While the regulations may present new challenges for organizations in the financial sector and beyond, iV4 offers a comprehensive security program that adheres to the regulations and protects your organization.