Financial Services

23 NYCRR 500 Compliance

Need help with 23 NYCRR 500 compliance?

Sera-Brynn logo

We can help you comply with the New York State Department of Financial Services cyber security law.

If you haven’t appointed a Chief Information Security Officer, our Fractional CISO services satisfy Section 500.04 and ease the burden.  Contact us to learn how.

From risk assessments and incident response to third-party vendor management, Sera-Brynn has got you covered.

What is the New York State DFS Cyber Security Law?

23 NYCRR 500 sets a baseline for banks and insurance companies doing business in New York to protect information. The regulation includes core requirements like multi-factor authentication, training, incident response, and access controls. Notably, organizations must appoint a Chief Information Security Officer, or CISO.

Does it apply to me?

If you are regulated by the NYS DFS, 23 NYCRR 500 will apply  with limited exceptions. 

Find more information on key dates and resources here.