Cybersecurity Requirements for Financial Services

NY DFS Cybersecurity Requirements for Financial Services Companies

The New York State Department of Financial Services (DFS) regulation 23 NYCRR 500 is a requirement that our documentation addresses. ComplianceForge offers two (2) unique products to comply with the New York Department of Financial Services (DFS) cybersecurity requirements:

| Section | Title | ISO WISP | NIST WISP | DSP |
|---|---|---|---|---|
| 500.02 | Cybersecurity Program | 1.2.1.2 | PM-01 | GOV-01 |
| 500.03 | Cybersecurity Policy | 1.2.1.1, 1.2.2.1 | PM-01 | GOV-02 |
| 500.04 | Chief Information Security Officer | 1.2.1.3, 2.1.1.1, 2.1.1.2 | PM-02 | GOV-04 |
| 500.05 | Penetration Testing and Vulnerability Assessments | 8.6.1.2, 8.6.1.3 | RA-05, RA-05(a), CA-08 | VPM-06, VPM-07 |
| 500.06 | Audit Trail | 8.4.1.1, 8.4.1.2, 8.4.1.3, 8.4.1.4 | AU-01, AU-02, AU-03(a), AU-03 | MON-01, MON-03 |
| 500.07 | Access Privileges | 5.1.1.1 | IA-01, IA-02 | IAC-01 |
| 500.08 | Application Security | 10.2.1.1, 10.2.1.2 | SA-05, SA-08 | TDA-06 |
| 500.09 | Risk Assessment | 1.2.1.5 | PM-09, RA-01, RA-03 | RSK-01 |
| 500.10 | Cybersecurity Personnel and Intelligence | 2.1.4.1 | PM-15, AT-03, AT-03(a), PS-02(b) | OPS-02, THR-01 |
| 500.11 | Third Party Service Provider Security Policy | 10.1.1.1, 10.2.7.1 | SA-01, SA-12, SA-12(b), SA-14 | TPM-01 |
| 500.12 | Multi-Factor Authentication | 5.2.4.2 | IA-02(b) | DCH-18, IAC-06 |
| 500.13 | Limitations on Data Retention | 4.3.2.1, 4.3.2.2 | AU-11, SI-12, DM-02 | PRI-05 |
| 500.14 | Training and Monitoring | 3.2.2.2, 3.2.2.3 | PM-13, AT-01, AT-02, AT-03, AT-04 | SAT-01 |
| 500.15 | Encryption of Nonpublic Information | 4.2.3.3, 6.1.1.1, 6.1.1.4, 6.1.1.5 | MP-04(a), MP-05(b), AC-17(b), AC-19(a), SC-08, SC-08(a), SC-28, SC-28(a) | CRY-01, CRY-03, CRY-05 |
| 500.16 | Incident Response Plan | 12.1.1.1, 12.1.2.1, 12.1.5.1, 12.1.7.1 | IR-01, IR-04, IR-06, IR-07(b), IR-08, IR-10 | IRO-01, IRO-04 |
| 500.17 | Notices to Superintendent | 12.1.2.1 | IR-07 | IRO-10, IRO-15 |

 

Cost Savings Comparison

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:

Written Information Security Program (WISP) Cost Savings Estimate

As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge is approximately 4% of the cost ($17,000+ savings) compared to writing your own documentation and 2% of the cost ($41,000+ savings) compared to hiring a consultant to write it for you!

[Image: 2017 pricing chart, Written Information Security Program (WISP)]

Digital Security Program (DSP) Cost Savings Estimate

Similar to the WISP example above, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a DSP from ComplianceForge is approximately 17% of the cost ($37,000+ savings) compared to writing your own documentation and 8% of the cost ($90,000+ savings) compared to hiring a consultant to write it for you!

[Image: 2017 pricing chart, Digital Security Program (DSP)]


 

 

 
