Summary
On May 1, 2025, the New York Department of Financial Services (NYDFS) will implement the second set of cybersecurity requirements under its amended 23 NYCRR Part 500 regulation. These new mandates require covered entities to conduct vulnerability scans, impose stricter access controls, and adopt measures to protect against malicious software. Class A Companies, which meet specific criteria, will face even more rigorous standards, including automated password blocking and heightened logging requirements.
Key Points
- New cybersecurity regulations will take effect on May 1, 2025, requiring vulnerability scans and access control measures.
- Class A Companies face stricter requirements, including automated controls for privileged accounts.
- Companies must conduct regular vulnerability assessments and limit access to necessary functions.
- Malicious code protection mechanisms will be required, along with monitoring and logging for Class A Companies.
- The final set of requirements, focusing on multi-factor authentication and asset tracking, will be implemented by November 1, 2025.
Why should I read this?
If you’re involved in compliance or cybersecurity within financial services, getting ahead of these NYDFS requirements is a must. This article offers essential insights into the regulations that could have a substantial impact on how organisations handle sensitive data and manage their cybersecurity posture. Don’t miss out on key deadlines and obligations that could affect your company’s operations!