NYDFS Cybersecurity (NYCRR 500) Compliance
A risk-based approach to protect data and manage risk in financial services
New York State Department of Financial Services Cybersecurity Requirements
The NYDFS Cybersecurity Requirements (NYCRR 500) mandate that financial services organizations protect their customer data and manage cyber risk.
NYDFS encourages a risk-based approach to protecting customer information from being revealed or stolen for illicit purposes.
Challenges to NYDFS Compliance
The NYDFS Cybersecurity Regulation (NYCRR 500) requires that covered institutions — organizations in financial services — implement phased cybersecurity policies that involve:
– Implementing the basics
– Establishing reporting procedures
– Developing a cybersecurity program
– Securing third parties
Prioritize a Risk-Based Approach
Financial services firms must understand where their customers’ personal data resides, who it belongs to, how long they need to retain it, and who has access to it.
Mitigate Harmful Data Exposure
With the expansive definition of nonpublic personal information (NPI), the NYDFS extends scope to data that might cause material harm if exposed.
Map, Maintain, and Report on Data
Companies must maintain a comprehensive map of all sensitive data — on-prem and in the cloud — identify high-risk data, alert on violation risks, and manage retention timelines.
How BigID Helps with NYDFS Compliance
Identify All Your Sensitive Data
See a clear, complete view of all your sensitive data across the enterprise — not just the data you know about — to protect it.
Know Whose Data You Have
Discover and inventory personal, sensitive, and critical data — and then associate it with specific users.
Clean Up Your Data
Minimize duplicate and redundant data, fix data quality issues, and automate workflows based on retention timelines.
Identify high-risk data and where it resides, flag vulnerable data flows and access patterns, and continuously monitor access activity.
BigID for NYDFS Compliance
Discover all sensitive and regulated data that falls under NYDFS, wherever it’s stored across the enterprise.
Take an ML-based approach to automatically classify and tag NPI and high-risk data that is regulated by NYDFS.
Leverage data retention policies and business rules, define custom policies, and apply them consistently across all data types and all data sources.
Remediate sensitive and regulated NYDFS data and manage high-risk data with remediation workflows and audit trails.