While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017. Here’s a link to a pdf document describing the regulations.
Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section: