NYDFS Compliance Assistance

What is NYDFS Compliance Assistance?

New York State Department of Financial Services (NYDFS) Title 23 Part 500 of the State of New York Official Compilation of Codes, Rules and Regulations.

NYDFS mandate the protection of specified electronic ‘Nonpublic Information’ and institution ‘Information Systems’ by implementing cybersecurity risk management controls.

How Cygilant's Services Support You

Cygilant’s Security-as-a-Service provides Managed Detection and Response (MDR), Vulnerability Management, and Patch Management services to help financial service institutions address the cybersecurity and compliance requirements of NY DFS Cybersecurity Regulation (23 NYCRR 500). Our 24x7x365 outsourced security operations are delivered to you as a managed service subscription. There is no software to purchase, deploy, maintain or learn. Instead, you get skilled cybersecurity professionals who work for you, field-tested industry best practices, and best of breed technology to deliver “enterprise-class” cybersecurity at an affordable cost to organizations of all sizes.

Security Monitoring service provides:

  • 24/7/365 monitoring of Information Systems
  • Dedicated Cybersecurity Advisor and full SOC team reviewing alerts and helping investigate potential incidents or events
  • Filtering false positives out of alerts, distilling the credible threats
  • Detection of cybersecurity events
  • Actionable remediation guidance to cybersecurity events
  • Automated documentation of events and response for the Audit Trail

Vulnerability Management service provides:

  • Unlimited vulnerability scans, both internal and external
  • Details, severity, and recommended solutions to discovered vulnerabilities
  • Operational metrics and audit trail reports

Patch Management service provides:

  • Centralized, fast patching of institution assets with support for major operating systems and many common third-party software applications
  • Risk mitigation through security patches
  • Change control process to prevent negative impact on business operations
  • Audit trail to prove compliance and board-ready metrics reports

NYDFS 23 500

Security Monitoring

Vulnerability Management

Patch Management

500.02(3-6): Detecting, Responding, Recovering, and Reporting on Cybersecurity Events

SOCVue and security analysts are the always-on frontline defense to detect events, and to help response and recovery activity. SOCVue records all activity automatically for reports.

500.03 (g): Systems and Network Security

500.03 (h): Systems and Network Monitoring

500.03 (n): Incident Response

With SOCVue Security Monitoring, our security analysts are monitoring the systems and network 24/7/365. During Cybersecurity Events, security analysts will provide response guidance to help return business operations to normal is as little time as possible.

SOCVue Vulnerability Management helps keep systems secure by detecting vulnerabilities and providing actionable solutions.

SOCVue Patch Management provides an automated, simplified workflow to remotely patch critical systems. Patch Management returns valuable work hours and reduces the number of vulnerable attack surfaces.

500.04 (b): CISOs Shall Report in Writing to the Board of Directors

SOCVue’s Security Monitoring reports and executive scorecards help communicate the success of the ongoing cybersecurity program and integrity of the information systems.

SOCVue’s Vulnerability Management reports and executive scorecards help communicate the success of the ongoing cybersecurity program and information system attack surface.

SOCVue’s Patch Management reports and executive scorecards help record remediation accomplishments and show executives the returns of using a patch management system.

500.05 (b): Bi-Annual Vulnerability Assessments

SOCVue Vulnerability Management includes unlimited vulnerability scanning and easy access to vulnerability details including solutions.

500.06 (a)(2): Audit Trail of Detection and Response to Cybersecurity Events

500.06 (b): Maintain records related to (a)(2) for at least 3 years

SOCVue Security Monitoring includes automated reporting on Cybersecurity event detection and response, as well as one year of data storage for related data. Data storage can be easily and affordably extended to meet regulations.

500.09: Risk Assessment

SOCVue Security Monitoring analysts will get to know your unique situation and help define potential threats to your organization based on their expertise.

SOCVue Vulnerability Management can help map risks and weaknesses in the institution’s information systems, and help define risk mitigation policies and procedures.

500.12: Multi-Factor Authentication and Access Control

Cygilant’s SOCVue Portal uses two factor authentication and role based access control to ensure sensitive information is not accessed by unauthorized users.

500.14 (a): Monitoring of Authorized User Activity Regarding Nonpublic Information

Security Monitoring includes alerting on some user activities

500.15 (a): Nonpublic Information Encryption

Cygilant’s SOCVue Platform always transmits and stores data with secure encryption standards.

500.16 (b): Incident Response Plans

SOCVue Security Monitoring is a great supporting pillar of the required incident response plan. We will work with you to ensure the security monitoring service meets your incident response plan goals and customized needs.

SOCVue Vulnerability Management supports the required incident response plan by helping identify weaknesses, and the required remediation or control to mitigate the risk.

SOCVue Patch Management helps directly remediate vulnerabilities by patching systems with a few clicks. Patch installations will be automatically documented for the audit trail to verify the actions taken.

500.17 (a): Notification of Cybersecurity Event to the Superintendent

500.17 (b): Annual Report to the Superintendent

SOCVue Security Monitoring ensures prompt notification to our customer of cybersecurity events, and all related information that may be needed for any reports. All data will also be available for annual reporting of state of the organization.

Talk to an Expert

Learn how Cygilant can reduce your security vulnerabilities, improve your security workflow, and help you meet compliance mandates.

Please complete all required fields.

<script type="text/javascript"> adroll_adv_id = "P33PAU36EBCHVG7C4W3MX3"; adroll_pix_id = "63MYA75NGFDHJC2LKBWBV7"; (function () { var _onload = function(){ if (document.readyState && !/loaded|complete/.test(document.readyState)){setTimeout(_onload, 10);return} if (!window.__adroll_loaded){__adroll_loaded=true;setTimeout(_onload, 50);return} var scr = document.createElement("script"); var host = (("https:" == document.location.protocol) ? "https://s.adroll.com" : "http://a.adroll.com"); scr.setAttribute('async', 'true'); scr.type = "text/javascript"; scr.src = host + "/j/roundtrip.js"; ((document.getElementsByTagName('head') || [null])[0] || document.getElementsByTagName('script')[0].parentNode).appendChild(scr); }; if (window.addEventListener) {window.addEventListener('load', _onload, false);} else {window.attachEvent('onload', _onload)} }()); </script>