The New York Department of Financial Services (NYDFS) oversees approximately 4,400 entities with assets of about $6.2 trillion. With protection as their objective, NYDFS has imposed a cybersecurity regulation requirement for financial institutions operating under NYDFS licensure, registration, or charter. Examples of covered entities include state-chartered banks, licensed lenders, private bankers, foreign banks licensed to operate in New York, mortgage companies, insurance companies and service providers. Limited exemptions are available for small organizations.
The NYDFS does not require a specific standard or framework for use in the risk assessment process. Rather, it advises covered entities to implement a framework and methodology that best aligns with their risk and operations. Two widely adopted frameworks by NYDFS Covered Entities are the FFIEC Cyber Assessment Tool and NIST CSF.
The SureShield platform simplifies NYDFS compliance by automating technical controls and guiding you through operational controls. SureShield’s automation will reduce your overall NYDFS compliance cost by up to 70% when compared to traditional, labor-intensive compliance methods. For organizations requiring compliance to multiple frameworks, crosswalk automation drives cost savings up toward 90%.
NYDFS focuses on protecting the data of customers of financial institutions with branches in NY, third-party suppliers, like banks.
NYDFS requires supervised entities to assess their risk profiles and implement a comprehensive plan to recognize and mitigate that risk.
NYDFS aims to build a financial system that’s equitable, transparent, and resilient.
A cybersecurity program that complies with the NYDFS cybersecurity regulation will address these specific program elements. The NYDFS conducts regular examinations to evaluate its regulated entities for cybersecurity risk exposure based on past performance, certifications, assessments, cyber events, questionnaires, and other metrics.
Activate NYDFS framework
Install scanner for compliance evidence gathering
Review baseline evidence to score compliance control status
Close compliance gaps
Ongoing compliance and gap surveillance
Enforced maintenance of compliance readiness
Do you need help assessing your compliance readiness? Learn how our automated crosswalk technology will dramatically reduce your labor requirements. Schedule your free consulting session, up to 1 hour.