Complying with the Part 500 of the New York Codes, Rules and Regulations (NYCRR)
The rise of cyberthreats across industries has challenged enterprises to meet dynamic compliance requirements. They tend to exploit network vulnerabilities to gain access to sensitive data.
The New York State Department of Financial Services (NYDFS) has witnessed the constant threats to financial institutions, their systems, and information. This can lead to significant losses to entities regulated by the NYDFS. It has become imperative for organizations to develop a cybersecurity program covering the minimum regulatory standards to match the relevant risks and keep up with the technological advances. A regulated entity’s cybersecurity program must ensure the institution’s safety and its customers.
Seclore and 23 NYCRR 500
On March 1, 2017, the New York Department of Financial Services (NYDFS) developed regulations to establish a cybersecurity program to promote the protection of sensitive data belonging to both the regulated entities and the customers. The 23 NYCRR 500 is part 500 of the overall NYDFS body of regulation.
The 23 NYCRR 500 aims to implement a cybersecurity framework to protect the sensitive data handled by various NYDFS-regulated financial entities.
Four Ways How Data-Centric Security Helps Comply with 23 NYCRR 500
PROTECT CUSTOMER DATA
Keep customer data private by applying persistent protection (encryption) with granular usage controls
MANAGE 3RD PARTY RISK WITH
Protect customer data throughout its lifecycle as it is shared across user groups – employees, partners, and customers
LIMIT ACCESS PRIVILEGES AND
Control who can access and retain what information and to what extent
TRACK AND AUDIT THE USE OF DATA
Track the use of information wherever it travels and automatically generate reports consisting of details such as the devices and IP addresses that use the information