NYDFS Cybersecurity Regulation requirements

by Neil Larkins
Published on 12th Jun 2018

September 3rd 2018 is around the corner and the NY DFS Cybersecurity Regulation (23 NYCRR 500) will see new controls coming into force. Designed to reduce the risk of data breaches for financial services firms handling NY financial data, the regulation requires organizations to deploy state-of-the-art methods to secure data as its shared and used. Traditional tools get in the way of fast-moving business, but Egress’ modern AI and machine learning platform empowers business users to get on with day-to-day engagements while meeting tough compliance demands. 

User-centric, intelligent tools provide a new, streamlined approach that simplifies NY DFS compliance for people handling non-public information across the financial supply chain. If your organization shares data inside and outside the business, to partners, customers, or service providers or your existing tools are too cumbersome to use, we can help deliver quickly to the new controls:

  • 500.06 – Strong audit – full visibility of shared sensitive data inside and outside the business at any time
  • 500.13 – Data retention limitations – Control, destroy, archive and search on shared data to minimize the data footprint without blocking conflicting regulations like SEC 17A4 and FTC controls
  • 500.14 – Training, monitoring and awareness – Tools that teach users best practice and avoid mistakes with the latest AI and machine learning built-in
  • 500.15 – Data encryption for non-public data in transit and at rest – encryption for collaboration-heavy financial services without friction or complexity, with precise control and monitoring

On July 26th, we’re running a webinar that maps NY DFS requirements to modern controls and introduces the Egress data security platform to the financial supply chain. Used by government, defense, justice systems and enterprise from a decade of success, Egress enables top global banks, New York hedge funds, financial processors and legal services providers address stringent compliance needs including GDPR, NYDFS, GLBA, HIPAA, PCI, and ITAR. 

To join us for this session, register here.

Are you ready for September 3rd?