Skip to main content

New York Department of Financial Services

Cybersecurity Regulation 23 NYCRR 500 Section 500.02

Regulatory Text

Each Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems.

(b) The cybersecurity program shall be based on the Covered Entity’s Risk Assessment and designed to perform the following core cybersecurity functions:

(1) identify and assess internal and external cybersecurity risks that may threaten the security or integrity of Nonpublic Information stored on the Covered Entity’s Information Systems;

(2) use defensive infrastructure and the implementation of policies and procedures to protect the Covered Entity’s Information Systems, and the Nonpublic Information stored on those Information Systems, from unauthorized access, use or other malicious acts;

NYDFS-regulated firms must implement a cybersecurity program that protects the personally identifiable information and other non-public data it maintains.

data privacy regime possibility
How Can We Help?

Theta Lake's Compliance Solutions

The NYDFS Cybersecurity requirements mandate that Covered Entities have cybersecurity programs in place to protect their systems and the nonpublic information stored in them.  Transparency into both collaboration platform settings and employee communications taking place on those applications are a critical component of any Covered Entity’s NYDFS Cybersecurity compliance strategy.

Theta Lake’s Safety COVER feature provides comprehensive reporting and management of enterprise collaboration security settings.  Firms can ensure that collaboration settings to prevent Zoombombing and unauthorized access like passwords, waiting rooms, and encryption are enabled, and remain active, across all deployments.

Additionally, Theta Lake’s detections for malicious URLs, account numbers, Social Security numbers, birthdates, and other PII across web cams, screen shares, whiteboards, audio, and chat, bolster supervision protocols to help firms identify and manage potential data leakage incidents and align to NYDFS expectations.