Boston, MA – January 08, 2019 – Egress, a data security company, today announced that Coalfire, a leading cybersecurity advisory firm, has validated the ability of the Egress data security platform to protect financial and personal data and help organizations comply with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500 data privacy laws. The final deadline for compliance with the regulation is March 1, 2019. The full technical assessment and compliance validation is available for download.
“Through our evaluation, Coalfire determined that Egress can help organizations comply with all the applicable sections of the NYDFS regulation when the solution is properly implemented,” said Nick Trenc, Director, Solution Validation, Coalfire. “Throughout the testing process, Egress demonstrated a high level of flexibility for managing access to shared data, customization and enforcement of organizational policies, and protection mechanisms used for shared data. These are critical capabilities as organizations look for comprehensive compliance solutions that integrate with their broader security programs.”
NYDFS 23 NYCRR 500 is part of a growing number of statewide data privacy regulations. The regulation requires financial services entities licensed to do business in New York – including more than 10,000 state-chartered banks, mortgage providers and insurance companies – to establish a risk-based security program to protect consumers’ private data.
After an exhaustive technical assessment, Coalfire determined that the Egress data security platform can help organizations achieve compliance by meeting specific NYDFS 23 NYCRR 500 requirements, including:
- Audit Trail (500.06): Egress provides a record of the use of emails and attachments involved in a material financial transaction, with full visibility into users, access, read and reply actions, revocation, and adherence to data sharing policy.
- Access Privileges (500.07): Egress policy controls enforce access privileges to emails and attachments, while Egress’ secure zones provide access-driven isolated environments for sharing content.
- Multi-Factor Authentication (MFA) (500.12): Access to the Egress platform can be configured to use MFA to provide greater assurance over the authority of the person with access to the classified data.
- Limitations on Data Retention (500.13): Egress provides multiple options for expiring and revoking access to encrypted emails and attachments.
- Training and Monitoring (500.14): Egress can monitor and investigate the activities of users and detect unauthorized access or use. This information can be used to train personnel on security policies and procedures to avoid risky email sharing practices.
- Encryption of Nonpublic Information (500.15): Egress offers easy-to-use, flexible encryption that provides the highest levels of security. In addition to encrypting message content and attachments, it enables total control over shared information in real time, with the ability to revoke access, audit user actions and add message restrictions to prevent mishandling of sensitive data.
- Notices to Superintendent (500.17): In the case of a suspected cybersecurity event, the Egress reporting, logging and search capabilities can be used to investigate what data was shared by which account and when (both encrypted and cleartext data), to provide a foundation for the necessary notice to the Superintendent.
“As we saw with GDPR a year ago, smart companies don’t procrastinate when it comes to compliance for major data privacy laws,” said Egress Chief Revenue Officer and NA General Manager Mark Bower. “As financial organizations in New York prepare for the final push to comply with the NYDFS cybersecurity regulations, the Coalfire report provides validation and a roadmap for how Egress can help drive compliance with specific regulatory requirements.”
Coalfire is the trusted cybersecurity advisor that helps private and public-sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader for more than 17 years and has offices throughout the United States and Europe.