Cybersecurity Requirements for Financial Services

NY DFS Cybersecurity Requirements for Financial Services Companies

The New York State Department of Financial Services (DFS) 23 NYCRR 500 is a new requirement that our documentation addresses. The Word versions of these documents are footnoted with the NY DFS requirements, and the Excel spreadsheet contains a mapping of the requirements to the standards. This enables you to clearly demonstrate the steps your

ComplianceForge offers four (4) unique products to comply with the New York Department of Financial Services (DFS) cybersecurity requirements: 

We offer a comprehensive lineup of cybersecurity-related documentation that can advance your company's compliance efforts for NY DFS cybersecurity requirements, as well as many other common compliance needs that businesses face.


The following table shows how the WISP and DSP documentation map to the NY DFS cybersecurity requirements:

| Section | Title | NIST CSF WISP | ISO 27002 WISP | NIST 800-53 WISP | DSP |
|---|---|---|---|---|---|
| 500.02 | Cybersecurity Program | GOV-1 | 1.2.1.2 | PM-01 | GOV-01 |
| 500.03 | Cybersecurity Policy | GOV-1 | 1.2.1.1, 1.2.2.1 | PM-01 | GOV-02 |
| 500.04 | Chief Information Security Officer | GOV-3, GOV-4 | 1.2.1.3, 2.1.1.1, 2.1.1.2 | PM-02 | GOV-04 |
| 500.05 | Penetration Testing and Vulnerability Assessments | VPM-6 | 8.6.1.2, 8.6.1.3 | RA-05, RA-05(a), CA-08 | VPM-06, VPM-07 |
| 500.06 | Audit Trail | MON-1, MON-2, MON-3, MON-4, MON-5, MON-6, MON-7, MON-8, MON-9 | 8.4.1.1, 8.4.1.2, 8.4.1.3, 8.4.1.4 | AU-01, AU-02, AU-03(a), AU-03 | MON-01, MON-03 |
| 500.07 | Access Privileges | CFG-2, IAC-10 | 5.1.1.1 | IA-01, IA-02 | IAC-01 |
| 500.08 | Application Security | TDA-1, TDA-2, TDA-3, TDA-4, TDA-5, TDA-6, TDA-7, TDA-8 | 10.2.1.1, 10.2.1.2 | SA-05, SA-08 | TDA-06 |
| 500.09 | Risk Assessment | RSK-1, RSK-2, RSK-3, RSK-4, RSK-5, RSK-6 | 1.2.1.5 | PM-09, RA-01, RA-03 | RSK-01 |
| 500.10 | Cybersecurity Personnel and Intelligence | HRS-1, HRS-2, HRS-3, HRS-4, THR-1, THR-2, SAT-1, SAT-2, SAT-3, SAT-4 | 2.1.4.1 | PM-15, AT-03, AT-03(a), PS-02(b) | OPS-02, THR-01 |
| 500.11 | Third Party Service Provider Security Policy | TPM-1, TPM-2, TPM-3, TPM-4, TPM-5, TPM-6, TPM-7, TPM-8, TPM-9 | 10.1.1.1, 10.2.7.1 | SA-01, SA-12, SA-12(b), SA-14 | TPM-01 |
| 500.12 | Multi-Factor Authentication | IAC-2 | 5.2.4.2 | IA-02(b) | DCH-18, IAC-06 |
| 500.13 | Limitations on Data Retention | DCH-4, DCH-5 | 4.3.2.1, 4.3.2.2 | AU-11, SI-12, DM-02 | PRI-05 |
| 500.14 | Training and Monitoring | MON-6, MON-9, SAT-1, SAT-2, SAT-3, SAT-4 | 3.2.2.2, 3.2.2.3 | PM-13, AT-01, AT-02, AT-03, AT-04 | SAT-01 |
| 500.15 | Encryption of Nonpublic Information | CRY-1, CRY-2, CRY-3, CRY-4 | 4.2.3.3, 6.1.1.1, 6.1.1.4, 6.1.1.5 | MP-04(a), MP-05(b), AC-17(b), AC-19(a), SC-08, SC-08(a), SC-28, SC-28(a) | CRY-01, CRY-03, CRY-05 |
| 500.16 | Incident Response Plan | IRO-1, IRO-2, IRO-3, IRO-4, IRO-5, IRO-6, IRO-7, IRO-8, IRO-9, IRO-10, IRO-11 | 12.1.1.1, 12.1.2.1, 12.1.5.1, 12.1.7.1 | IR-01, IR-04, IR-06, IR-07(b), IR-08, IR-10 | IRO-01, IRO-04 |
| 500.17 | Notices to Superintendent | DCH-8 | 12.1.2.1 | IR-07 | IRO-10, IRO-15 |

 

Cost Savings Comparison

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:

Written Information Security Program (WISP) Cost Savings Estimate

As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge is approximately 4% ($17,000+ savings) of the cost as compared to writing your own documentation and 2% ($41,000+ savings) of the cost as compared to hiring a consultant to write it for you!


Digital Security Program (DSP) Cost Savings Estimate

Similar to the WISP example above, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a DSP from ComplianceForge is approximately 17% ($37,000+ savings) of the cost as compared to writing your own documentation and 8% ($90,000+ savings) of the cost as compared to hiring a consultant to write it for you!
