The New York State Department of Financial Services (NYDFS) has defined Title 23 Part 500 of the Official Compilation of Codes, Rules and Regulations of the State of New York (NYCRR), covering minimum cybersecurity standards designed to promote the protection of customer information and the IT systems of financial entities operating in NY state. This comprehensive regulation is a standard against which to measure the effectiveness of cybersecurity infrastructure, personnel, policies, risk assessments, and audits, ensuring that organizations keep pace with technological advancements.
RedLegg offers multiple solutions to meet 23 NYCRR 500 requirements. The various solutions adapt to meet the needs of your organization’s size and current security posture.
- Enterprise Security Assessment – A multi-phased approach designed to provide a holistic evaluation of security posture and risk, including review of regulatory compliance, security controls, internal and external vulnerabilities, secure code, and social engineering vulnerability.
- vCISO – A Digital Strategic Security Program (virtual CISO) that enables small- and medium-sized organizations (SMBs) to leverage the expertise of an experienced cybersecurity team while minimizing time and resource investments.
- Policy Framework Development – A document development methodology focusing on standards, guidelines, policies, and procedures that inform users of their responsibilities, define the security protection program, and implement appropriate protection initiatives.
- Application Security – A methodology, based on proven industry best practices, to determine whether your organization’s applications are secure, including network review, system testing, application testing (threat modeling and secure code review), risk analysis, and IoT configuration review (if needed).
- Secure Code Review – A process for assessing the risks to your applications, including review of customer-specific applications and verifying code, line-by-line, to ensure that every aspect is secure.
- Penetration Testing – A determination of exposure to risk and vulnerabilities, together with the identification, definition, and creation of a specific, actionable remediation plan, including internal testing (threats to and vulnerabilities of your internal resources) and external testing (vulnerabilities in your systems exposed to actors outside your security perimeter).
The following table lists the RedLegg solutions that address each section of 23 NYCRR 500 (columns are section numbers 500.01 through 500.20; • marks a section the solution covers):

| Solution | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enterprise Security Assessment | | | | | | | | | | | | | | | | | | | | |
| vCISO | | • | • | • | • | • | • | • | • | • | • | • | • | • | • | • | | | | |
| Policy Framework Development | | • | | | • | | • | | | • | | • | • | | • | | | | | |
| Application Security | | | | | | • | • | • | | | • | | | • | | | | | | |
| Secure Code Review | | | | | | | | • | • | | • | • | | | • | | | | | |
| Penetration Testing | | | | | • | | | | • | | • | | | | | | | | | |