• Home
>
• Resources
>
• Data Sheet

Exabeam Support for the NYDFS Cybersecurity Regulation (23 NYCRR 500)

See the threats that matter with behavior analytics that apply machine-learning (ML) to security data in LogRhythm SIEM.

The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the New York Department of Financial Services that places new cybersecurity requirements on financial institutions.

This regulation imposes strict cybersecurity rules on covered organizations, such as banks, mortgage companies, and insurance firms. The regulation requires financial companies to install a detailed cybersecurity plan, enact a comprehensive cybersecurity policy, and initiate and maintain an ongoing reporting system for cybersecurity events.

The NYDFS Cybersecurity Regulation applies to all entities operating under DFS licensure, registration, charter, or those that are otherwise DFS regulated. The regulation also applies to unregulated third-party service providers working with regulated entities.

The NYDFS Cybersecurity Regulation requires institutions to adopt a robust cybersecurity program ideally aligned to five core functions set forth by the NIST Cybersecurity Framework (CSF):

• Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
• Protect: Employ defense infrastructure to safeguard against those threats
• Detect: Implement the appropriate activities to identify the occurrence of a cybersecurity event
• Respond: Take appropriate action to mitigate all detected cybersecurity events
• Recover: Restore any capabilities or services that were impaired due to a cybersecurity event

In addition, the NYDFS Cybersecurity Regulation specifies requirements beyond that of CSF, such as protecting non-public information.