NYS-DFS 23 NYCRR 500 Compliance Assistanc

NYS-DFS 23 NYCRR 500 Compliance Assistance

Contact Us

The New York State Department of Financial Services’ (“NYS-DFS”) New York State Law 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies (“23 NYCRR 500”) went into effect on March 1, 2017. 23 NYCRR 500 requires that firms meeting the regulation’s definition of “Covered Entity” have certain cybersecurity measures in place by the stipulated compliance dates. Among other requirements, firms will be required to self-certify their compliance with 23 NYCRR 500. The two-year transitional period ended on March 1, 2019.

How We Help

nys-dfs 23 nyccr 500 readiness assessment

NYS-DFS 23 NYCRR 500 Readiness Assessment

For financial services firms that meet the regulation’s definition of Covered Entity, our team of experienced consultants can assist with assessing such firms’ readiness to comply with the requirements of 23 NYCRR 500. As part of such assessment, we will review your firm’s cybersecurity posture as you prepare for compliance with 23 NYCRR 500, and prepare a matrix of each of the 23 NYCRR 500 requirements that applies to your firm.

CISO Support Services

CISO Support Services

We can assist financial services firms with satisfying the 23 NYCRR 500 requirement to have a full-time Chief Information Security Officer (“CISO”) on staff. We can make available to your firm a dedicated senior consultant who can support your existing CISO by advising on the CISO functions and attending meetings, calls, emails, and/or conducting on-site visits.

DFS 23 NYCRR 500 Compliance Assistance

DFS 23 NYCRR 500 Resources




Get answers to FAQs including exemptions, penalties, and key compliance dates.



Archived Webcast

NYS-DFS Cybersecurity Regulation: What You Need to Know

Uncover compliance requirements, important deadlines, and common misconceptions.

View Now