New York State Cyber Security Regulations

In early 2017, the New York State Department of Financial Services announced regulations requiring financial institutions, including insurers, to meet minimum cyber security standards and disclose breaches to regulators as part of an effort to combat increased cyber-crime and limit damages to consumers.  They have laid out a timeline of steps financial institutions must take to protect their networks and customer data from hackers and disclose/report any cyber events, listed below.

WEBINAR 11/8: Where should you be? What's coming next? How can we help? Sign up now!



Key Dates under New York's Cybersecurity Regulation (23 NYCRR Part 500)

  • March 1, 2017 - 23 NYCRR Part 500 becomes effective.
  • August 28, 2017 - 180 day transitional period ends. Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.
  • September 27, 2017 – Initial 30 day period for filing Notices of Exemption under 23 NYCRR 500.19(e) ends. Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) as of August 28, 2017 are required to file a Notice of Exemption on or prior to this date.
  • February 15, 2018 - Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date.
  • March 1, 2018 - One year transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.
  • September 3, 2018 - Eighteen month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.
  • March 1, 2019 - Two year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.


Click here to find out how ePlus can support your efforts to be compliant
.

For more specific information on the above, visit the NY State DFS site here.

Click here for Frequently Asked Questions.

Click here to schedule an assessment.


Please also feel free to contact us directly with any questions.

Tom Bowers, Chief Security Strategist

tbowers@eplus.com

804-672-4407