Key Milestone Dates: NYDFS Cybersecurity Regulations
- Jun 14, 2017
- Michael Tucker
If you’re in the financial industry (or working as a provider with such organizations), you most likely have already heard about the NY DFS Cybersecurity Regulations. The whole affair started late 2016, and was finally implemented on March 1, 2017. It’s the first regulation of its kind in the United States, and it’s set a precedent for regulations that has since surfaced in other states. Here at NopSec, programs are underway for our clients to ensure that they’re on-track to meet compliance and we’ve also been producing a series of NYDFS Cybersecurity Regulations webinars to help IT Teams and their organizations learn more.
When it comes to new regulations, there are three key questions that usually surface right away:
The “why” in this case is simple enough. In a nutshell, the NYDFS Cybersecurity Regulations require that you set security practices and controls to help protect your nonpublic information from unauthorized access. The regulation outlines many requirements — and answers the “what” — here are the “big four” they’re requiring (mandatory compliance):
Obviously there are many details contained within the regulations (including annual pen tests and twice yearly vulnerability assessments that fall under policies), but now that we roughly know what the requirements are, it’s time to ask when they want these all done by. Now that’s a great question if there ever was one.
The great thing with this regulation is that the NYDFS understands that some initiatives take time (i.e. not something you can do the night before the deadline), so they provided a transitional timeline for deadlines. Below are the details of the key dates you need to keep track of. Remember, these implementations are ideally done in phases (as we do with our clients), and there may be some changes along the line, so always check the official NYDFS website for updates (or the NopSec cybersecurity blog as we follow the regulations very closely).
Note: We recommend that you verify with a trusted advisor if you actually do qualify for an exemption.
New regulations can be challenging, but it need not be impossible to implement. If you plan your initiatives strategically and efficiently, combined with with the advice of a trusted expert, then you are on track to being compliant. If you do need some assistance in getting started, please don’t hesitate to contact us at 646-502-7905 or at firstname.lastname@example.org.