NY DFS Cybersecurity Regulation

Meet the Certification Requirements of the New York DFS’s Cybersecurity Regulation while managing compliance with ALL of your IT Security requirements… regardless of source.

Cybersecurity Risk Management for Financial Service Companies

The New York State Department of Financial Services (DFS) has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors, particularly against financial services organizations. In response, DFS established “Part 500” of Title 23 of its rules and regulations, which requires annual certification that targeted organizations are in compliance with specific IT security requirements.

What Organizations Are Covered

The NYDFS Cybersecurity Regulation applies to all entities operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third-party service providers to regulated entities.
Examples of covered entities include:

  • State Chartered Banks
  • Certified Reinsurers
  • Licensed Lenders
  • Credit Line Providers
  • NY Medical Malpractice Insurers
  • Exam Monitors
  • Purchasing Groups (Reg. in NY)
  • Companies with Approval to use ISO Public Auto Loss Costs
  • Private Bankers
  • Foreign Banks (NYC)
  • Flood Insurance Training Providers
  • Risk Retention Groups (registered in New York)
  • Mortgage Companies
  • Health Services Providers
  • HMOs and Continuing Care Retirement Communities
  • Insurance Companies
  • Insurance Companies – (Approved PFL) Insurance Policy Forms
  • Insurance Companies – Approved Independent Livery Programs
  • Service Providers
  • Internationally Active Insurance Groups (IAIGs)
  • Not-For-Profit Mortgage Brokers

Featured Product Highlights For This Standard

Compliance Manager GRC allows you to use all of your current IT security tools, software and systems to meet the requirements of the NYDFS Cybersecurity Regulation . . . while you maintain compliance with all your other IT requirements, regardless of source. The built-in Standard Management Template allows you to quickly determine if you can “check the boxes” for every requirement, identifies the gaps, and automatically prepares all of the documents you need to comply with the regulation. Here are a few of the value-added features you get:

  • Rapid Baseline Assessments – Quickly identify gaps required for certification
  • Technical Risk Assessments – Full risk assessment that meets the NYDFS requirements
  • Auditor’s Checklist – Easy access for NYDFS auditors to quickly satisfy their reporting
  • Employee Awareness Training Portal – Tracking and reporting required by the NYDFS
  • Policies & Procedures Manual – Required documentation of everything you need to do
  • Vendor Risk Management Portal – Required for Third Party Service Provider tracking and documentation
  • Automated Documentation & Storage – Meets the NYDFS Audit Trail requirements for security purposes.
  • VulScan Integration – Satisfies the need for regular scanning and eliminates the need for Pen Testing

Full New York State DFS Part 500 Documentation

The New York State Department of Financial Services requires that all covered entities maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems. This puts a heavy burden of documentation on IT professionals who work in IT Departments of these entities, as well as Managed Service Providers who service them. This includes a complete Policies and Procedures Manual, Risk Assessment, Management Plan, and Evidence of Compliance.

According to the regulation, “All documentation and information relevant to the covered entity’s Cybersecurity program shall be made available to the superintendent upon request.”


Compliance Manager GRC includes all of the documentation you need to satisfy any audit

Full-Featured To Manage the NY DFS Cybersecurity Regulation Along with All Your Other IT Requirements

Compliance Manager GRC is simple to use, and you don’t have to be a financial services expert to manage the stringent parameters from the NYDFS regulation. CM GRC includes all the features needed to provide ongoing management and compliance with the requirements you need to protect your organization(s). You can perform Rapid Baseline Assessments at any time to quickly identify gaps in your NYDFS Part 500 certification requirements. With the added ability to track, monitor and enforce employee security awareness training and evaluate and manage vendor risk, Compliance Manager GRC is designed for the multi-functional IT professional to track and manage ALL IT requirements, regardless of source.


Whether complying with the NYDFS standard, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility.


Assuring compliance with NYDFS – and all your other IT requirements – is easy with Compliance Manager GRC. You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation.


Compliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money