We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

A guide to NYDFS Cybersecurity Regulation's March 1 implementation deadline

28 February 2018

Privacy and Cybersecurity Alert

It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect (see our discussion here). Since that time, a series of key dates have marked the implementation of various portions of the regulations, starting with the August 28, 2017 deadline.

Now, as we approach the one-year anniversary of the effective date of the Cybersecurity Regulation, another deadline looms. March 1, 2018 will mark the end of the one-year transitional period, at which time covered entities are required to be in compliance with additional requirements covering the following:

  • Chief Information Security Officer (CISO) reporting to your board of directors;
  • penetration testing and vulnerability assessments
  • risk assessments of your information systems
  • multi-factor authentication or other effective controls
  • cybersecurity awareness training for your personnel

Read more: A guide to NYDFS Cybersecurity Regulation’s March 1 implementation deadline


Paul Otto

Paul Otto

Senior Associate
Washington, D.C.

Loading data