The New York Department of Financial Services (NYDFS) Cybersecurity Regulation

Improve your cybersecurity maturity and reduce risk.

The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the New York Department of Financial Services that places new cybersecurity requirements on financial institutions.

This regulation imposes strict cybersecurity rules on covered organizations, such as banks, mortgage companies, and insurance firms. It requires financial companies to implement a detailed cybersecurity plan, enact a comprehensive cybersecurity policy, and initiate and maintain an ongoing reporting system for cybersecurity events.

The NYDFS Cybersecurity Regulation applies to all entities operating under DFS licensure, registration, or charter, and to those that are otherwise DFS regulated. The regulation also applies to unregulated third-party service providers working with regulated entities.

The NYDFS Cybersecurity Regulation requires institutions to adopt a robust cybersecurity program, ideally aligned to the five core functions set forth by the NIST Cybersecurity Framework (CSF):

  • Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
  • Protect: Employ defense infrastructure to safeguard against those threats.
  • Detect: Implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond: Take appropriate action to mitigate all detected cybersecurity events.
  • Recover: Restore any capabilities or services that were impaired due to a cybersecurity event.

In addition, the NYDFS Cybersecurity Regulation specifies requirements beyond those of the CSF, such as protecting non-public information.

LogRhythm Supports NYDFS Compliance

The LogRhythm NextGen SIEM Platform helps your organization comply with the NYDFS regulation. It uses highly normalized data, advanced correlation rules, machine learning, and security orchestration, automation, and response to help improve your cybersecurity maturity and reduce risk. Through 24x7 monitoring and real-time alerting, you can zero in on anomalous events in your environment that could result in a data breach or compliance violation.

The rich reporting that the LogRhythm NextGen SIEM Platform provides can help your organization create and automate reports for any piece, block, or trend of information. These reports help ease the reporting burden of your annual certification requirements.

Download our white paper to learn how the LogRhythm NextGen SIEM Platform can help your organization comply with the NYDFS Cybersecurity Regulation.