NYCRR 500 Compliance
New York Cybersecurity Regulations for Financial Services
In March 2017, the New York State Department of Financial Services issued 23 NYCRR 500, a new set of standards and requirements for banks, insurance companies, and other financial services organizations. With a few exceptions for smaller organizations, all businesses licensed by the New York DFS must comply with the law, which is being implemented in stages from 2017 to 2019.
NYCRR 500 applies to all financial services firms that do business in New York, whether the organizations are based there or elsewhere. Covered entities are required to establish formal cybersecurity programs and document their cybersecurity policies, in addition to meeting several other requirements:
- Conduct cybersecurity risk assessments
- Ensure the security of their applications
- Implement data protection methods, including encryption
- Use appropriate controls to limit access to sensitive information
In addition, the law indirectly establishes rules for third party service providers that have access to covered entities’ nonpublic information. Covered organizations are required to develop third party security policies that will effectively apply many 23 NYCRR 500 mandates to service providers who are not licensed by the New York DFS.
Meet NYCRR 500 Requirements with Smartcrypt
PKWARE’s Smartcrypt combines strong encryption, simplified key management, and intelligent data discovery to enable enterprise-wide control over sensitive data. With Smartcrypt, financial services organizations and their third party service providers can improve their data security while ensuring compliance with 23 NYCRR 500 and other government or industry mandates.
PKWARE’s innovative Smartkey technology automatically generates, synchronizes, and exchanges encryption keys according to your organization’s security policies, making the process automatic for end users. Smartkeys can be managed using Smartcrypt’s administration console and can be stored on third-party dedicated key management appliances.
Smartcrypt can help your organization protect its data and meet NYCRR 500 standards.
A detailed look at NYCRR 500 requirements and strategies to ensure compliance.