Ready to meet the new NYDFS Cybersecurity requirements?

If you’re using Salesforce to manage customer data, Own Company can help.

Book a meeting to learn more

RESOURCES

on-demand

PwC x Own: Are you ready for the NYDFS Cybersecurity requirements?

Watch as our Panel of PwC and Own representatives discuss the amendments of the NYDFS regulation and what solutions are available.
dATA SHEET

Ready to meet New York State’s Updated cybersecurity requirements?

If you’re using Salesforce to manage customer data, Own Company can help you with this compliance journey..
BLOG

NYDFS Emphasizes Data Protection and Business Continuity in Updated 23 NYCRR 500 Cybersecurity Regulation

Own and PwC
Government
FedRAMP
On-Platform Development
Data Lifecycle Management
Zero Trust
World Backup Day
Disaster Recovery
SaaS Data Protection
Data Analytics
Data Activation
DORA
Shared Responsibility Model
Data Services
AWS
Dreamforce
Customer Support
CISOs
Own Accelerate
Own Accelerate
Own Discover
Own Secure
Own Archive
Own Recover
EMEA
IDC
Customer Support
Report
HIPAA
OwnBackup Accelerate
Product Updates
Financial Services
Ransomware
Business Leaders
Data Protection Imperative
French Blog
Power Apps
Dynamics CRM
Dataverse
Copilot
AI
Compliance Leaders
GDPR
Technology Leaders
World Tour
Salesforce Ben
Own Sandbox Seeding
CRM Platform Owners
Data Backup
Data Security
Own Secure
Own Archive
Own Recover
Award
CPRA
Compliance
Customer Stories
Copado
Archive
Marketing
Featured
Microsoft Ignite
Cybersecurity
Veeva
Tech Blog
ServiceNow
Security
Data Seeding
Salesforce
nCino
Microsoft Dynamics CRM
Events
Digital Transformation
Data Management
Data Encryption
Data Archiving
Compliance
Company News
Cloud Migration
Business Continuity
Backup and Recovery
Administration

The New York State Department of Financial Services (NYDFS) has updated the 23 NYCRR 500 regulation titled “Cybersecurity Requirements for Financial Services Companies.” Companies must be able to provide documentation of compliance with the majority of updated requirements, which include the following:

  • Asset inventory, data classification/sensitivity and encryption

  • Complete an annual independent audit of the cybersecurity program

  • Implement a privileged access management solution

  • Solutions and controls to prevent usage of common passwords

  • Implement a detection and response system (XDR)

  • The storage of backups isolated from client network connections and annual testing

  • Require users to authenticate via Multi-Factor Authentication (MFA)

  • Monitor for anomalous activity and generate alerts

  • Incident response and business continuity management

  • Documentary evidence demonstrating compliance

corporate handshake
tall building

Larger companies (“Class A” companies), with aggregate revenue from New York operations and over $1 billion globally, or 2,000 employees globally, must also:

  • Complete an annual independent audit of cybersecurity program

  • Implement a privileged access management solution and controls to prevent the usage of common passwords for privileged accounts

  • Implement an end-point detection and response system to monitor for anomalous activity and generate alerts

  • Implement an end-point detection and response system to monitor for anomalous activity and generate alerts

  • Enhance business continuity and disaster recovery protocols, including the identification of critical data, the storage of backups isolated from client network connections, and annual testing

  • Require users to authenticate via Multi-Factor Authentication

The regulation also requires a compliance filing, with supporting documentary evidence, which raises the risk of firms falling short and incurring millions in fines. Companies must also implement new controls, increase the frequency of existing cyber controls, and ensure that their compliance with the regulation is documented.

How Own can help ensure NYDFS compliance for Salesforce:

secure

Least privileged access management solution (section 500.7 on pages 8-9) Encryption (section 500.15 on page 12)
Data Classification/Sensitivity (section 500.13, page 12)

archive

Data retention requirements (section 500.3 on page 5 and section 500.13 on pages 11-12)

recover

Backup and recovery (section 500.16 on pages 13-15)

View our data sheet

Get started

Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.

Schedule a Demo
Office: 646.503.5100info@owndata.comContact Us
linkedinYouTube
Data Protection Platform
why ownSolutionsBusiness ContinuityEnsuring ComplianceSecuring AccessLifecycle ManagementOn-Platform DevelopmentOff-Platform AnalyticsFedRAMP™
Cloud Solutions
SalesforceMicrosoftServiceNowAWSVeevanCino
ProductsBackup & RecoveryData SecurityData SeedingData ArchivingData Discovery
Resources
BlogEventsOn-DemandeBooksData SheetsOwn+All Resources
Company
About UsCareersPartnersNewsroom
Support
Knowledge BaseCall Back RequestSubmit a TicketSupport PolicySupport & Services
PricingCustomers
LegalPrivacy NoticeJob Applicant Privacy Policy
and Notice at CollectionSLATerms of ServiceTrustVulnerability Disclosure PolicyEnvironmental PolicySupplemental Notice for
California ResidentsDo Not Sell or Share My
Personal Information
© 2024 Own Company. All rights reserved.
why own
Solutions
Cloud Solutions
Products
Resources
COMPANY
support
CUSTOMERS
pricing
Legal
Office: 646.503.5100info@owndata.comContact Us

© 2024 Own Company. All rights reserved.

Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Deny
Accept
Cookie preferences