NY DFS Enforcing Cybersecurity Requirements

If you are a New York Financial Services organization and have not complied with the New York Department of Financial Services (DFS) Cybersecurity Regulations (23 NYCRR 500), you probably received a notice over the weekend. The notices were sent by Maria Vullo of the DFS with the subject: Failure to File Certification of Compliance. Below is an image of the actual email:

 

NY DFS Email
 

New York Financial Services Organizations are required to submit an annual certificate of compliance by February 15th. Here is a description of the certificate of compliance:

Annually each Covered Entity shall submit to the superintendent a written statement covering the prior calendar year. This statement shall be submitted by February 15 in such form set forth as Appendix A, certifying that the Covered Entity is in compliance with the requirements set forth in this Part. Each Covered Entity shall maintain for examination by the Department all records, schedules and data supporting this certificate for a period of five years. To the extent a Covered Entity has identified areas, systems or processes that require material improvement, updating or redesign, the Covered Entity shall document the identification and the remedial efforts planned and underway to address such areas, systems or processes. Such documentation must be available for inspection by the superintendent.

NY DFS Cybersecurity Regulations

At a high level, the NY DFS Cybersecurity Regulations require NY Financial Services Organizations to put in place a security program to protect the sensitive financial information that these organizations store, access or maintain.

It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs. The number of cyber events has been steadily increasing and estimates of potential risk to our financial services industry are stark. Adoption of the program outlined in these regulations is a priority for New York State.

Some of the requirements include:

    • Section 500.02 Cybersecurity Program.
      (a) Cybersecurity Program. Each Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems.
    • Section 500.03 Cybersecurity Policy.
      Cybersecurity Policy. Each Covered Entity shall implement and maintain a written policy or policies, approved by a Senior Officer or the Covered Entity’s board of directors (or an appropriate committee thereof) or equivalent governing body, setting forth the Covered Entity’s policies and procedures for the protection of its Information Systems and Nonpublic Information stored on those Information Systems. The cybersecurity policy shall be based on the Covered Entity’s Risk Assessment and address the following areas to the extent applicable to the Covered Entity’s operations:
    • Section 500.09 Risk Assessment.
      (a) Each Covered Entity shall conduct a periodic Risk Assessment of the Covered Entity’s Information Systems sufficient to inform the design of the cybersecurity program as required by this Part. Such Risk Assessment shall be updated as reasonably necessary to address changes to the Covered Entity’s Information Systems, Nonpublic Information or business operations. The Covered Entity’s Risk Assessment shall allow for revision of controls to respond to technological developments and evolving threats and shall consider the particular risks of the Covered Entity’s business operations related to cybersecurity, Nonpublic Information collected or stored, Information Systems utilized and the availability and effectiveness of controls to protect Nonpublic Information and Information Systems.
    • Section 500.14 Training and Monitoring.
      As part of its cybersecurity program, each Covered Entity shall:
      (a) implement risk-based policies, procedures and controls designed to monitor the activity of Authorized Users and detect unauthorized access or use of, or tampering with, Nonpublic Information by such Authorized Users; and
      (b) provide regular cybersecurity awareness training for all personnel that is updated to reflect risks identified by the Covered Entity in its Risk Assessment.
    • Section 500.17 Notices to Superintendent.
      (a) Notice of Cybersecurity Event. Each Covered Entity shall notify the superintendent as promptly as possible but in no event later than 72 hours from a determination that a Cybersecurity Event has occurred that is either of the following:
      (1) Cybersecurity Events impacting the Covered Entity of which notice is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
      (2) Cybersecurity Events that have a reasonable likelihood of materially harming any material part of the normal operation(s) of the Covered Entity.
      (b) Annually each Covered Entity shall submit to the superintendent a written statement covering the prior calendar year. This statement shall be submitted by February 15 in such form set forth as Appendix A, certifying that the Covered Entity is in compliance with the requirements set forth in this Part. Each Covered Entity shall maintain for examination by the Department all records, schedules and data supporting this certificate for a period of five years. To the extent a Covered Entity has identified areas, systems or processes that require material improvement, updating or redesign, the Covered Entity shall document the identification and the remedial efforts planned and underway to address such areas, systems or processes. Such documentation must be available for inspection by the superintendent.

Partner with Breach Secure Now!

If you are a Managed Service Provider and have clients that must comply with NY DFS Cybersecurity Regulations, contact us to see how you can use Breach Secure Now! (BSN) to help. BSN was built for cybersecurity requirements and provides:

      1. Security Risk Assessments
      2. Security Policies
      3. Security Awareness Training
      4. 3rd Party Security Contract Addendum
      5. Security Incident Guidelines and Documentation


Find Out More >> https://breachsecurenow.com/contact-us/
