New York Governor Cuomo announced the first-in-the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks that took effect on March 1, 2017.
500.15 Encryption of Nonpublic Information
Four NYDFS Data-Centric Requirements
Implment controls, including encryption, to protect Nonpublic Information held or transmitted both in transit over external networks and at rest.500.07 Access Privileges
Limit user access privileges to Information Systems that provide access to Nonpublic Information.500.06 Audit Trail
Include audit trails designed to detect and respond to Cybersecurity Events that have a reasonable likelihood of materially harming normal operations.500.13 Limitations on Data Retention
Secure disposal on a periodic basis of any Nonpublic Information that is no longer necessary for business operations or for other legitimate business purposes.
Quick Wins in Data Security & Compliance
Fasoo's solutions comprehensively meet the four data-centric requirements of the NYDFS Part 500 Cybersecurity Regulations.