
New York Cybersecurity Regulations

What institutions are affected?  

The following institutions are affected by this requirement:

  • Bank & Trust Companies

  • Bank Holding Companies

  • Charitable Foundations

  • Credit Unions

  • Domestic Representative Offices

  • Foreign Bank Branches

  • Foreign Representative Offices

  • Private Bankers

  • Savings Banks

  • Savings & Loan Associations

  • Budget Planners

  • Check Cashers

  • Money Transmitters

  • Sales Finance Companies

  • Service Contract Providers

  • Health Insurers, Accident and Related Entities

  • Insurance Holding Companies

  • Life Insurance Companies

  • Premium Finance Agencies

  • Property and Casualty Insurance Companies

  • Licensed Lenders

  • Mortgage Bankers

  • Mortgage Brokers

  • Mortgage Loan Originators

  • Mortgage Loan Servicers
     

How can Tritium help?

Tritium’s services encompass many of the critical requirements directed by the NYS Department of Financial Services.

  • Annual Penetration Testing [Section 500.05]

  • Bi-annual Vulnerability Assessments [Section 500.05]

  • Appointed CISO (External Support) [Section 500.04]

  • Audit Trails [Section 500.06]

  • Access Privileges [Section 500.07]

  • Application Security [Section 500.08]

  • Risk Assessment [Section 500.09]

  • Third Party Risk Assessment [Section 500.11]

  • Multi-Factor Authentication [Section 500.12]

  • Data Retention [Section 500.13]

  • Training and Monitoring [Section 500.13] 

  • Encryption of Non-Public Information [Section 500.15]

  • Incident Response Planning [Section 500.16]

In an effort to counter cyber-criminal events and protect consumer privacy, New York State officials introduced mandatory regulations with which financial institutions must comply. These regulations (23 NYCRR 500) took effect on March 1st, 2017. Organizations are required to comply with most of these regulations by August 2017, and completely by March 2019.
