A guide to NYDFS Cybersecurity Regulation's March 1 implementation deadline

It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect (see our discussion here). Since that time, a series of key dates have marked the implementation of various portions of the regulations, starting with the August 28, 2017 deadline.

Now, as we approach the one-year anniversary of the effective date of the Cybersecurity Regulation, another deadline looms. March 1, 2018 will mark the end of the one-year transitional period, at which time covered entities are required to be in compliance with additional requirements covering the following:

  • Chief Information Security Officer (CISO) reporting to your board of directors;
  • penetration testing and vulnerability assessments
  • risk assessments of your information systems
  • multi-factor authentication or other effective controls
  • cybersecurity awareness training for your personnel

Read more: A guide to NYDFS Cybersecurity Regulation’s March 1 implementation deadline

Download PDF Back To Listing
Loading data