Cybersecurity Requirements for Financial Services

NY DFS Cybersecurity Requirements for Financial Services Companies

The New York State Department of Financial Services (DFS) regulation 23 NYCRR 500 is a new requirement that our documentation addresses. The Word versions of these documents are footnoted with the NY DFS requirements, and the Excel spreadsheet contains a mapping of the requirements to the standards. This enables you to clearly demonstrate the steps your

ComplianceForge offers two (2) unique products to comply with the New York Department of Financial Services (DFS) cybersecurity requirements: 

We offer a comprehensive lineup of cybersecurity-related documentation that can advance your company's compliance efforts for NY DFS cybersecurity requirements, as well as many other common compliance needs that businesses face.


The following table shows how the WISP and DSP documentation map to the NY DFS cybersecurity requirements:

| Section | Title | ISO WISP | NIST WISP | DSP |
|---|---|---|---|---|
| 500.02 | Cybersecurity Program | 1.2.1.2 | PM-01 | GOV-01 |
| 500.03 | Cybersecurity Policy | 1.2.1.1, 1.2.2.1 | PM-01 | GOV-02 |
| 500.04 | Chief Information Security Officer | 1.2.1.3, 2.1.1.1, 2.1.1.2 | PM-02 | GOV-04 |
| 500.05 | Penetration Testing and Vulnerability Assessments | 8.6.1.2, 8.6.1.3 | RA-05, RA-05(a), CA-08 | VPM-06, VPM-07 |
| 500.06 | Audit Trail | 8.4.1.1, 8.4.1.2, 8.4.1.3, 8.4.1.4 | AU-01, AU-02, AU-03(a), AU-03 | MON-01, MON-03 |
| 500.07 | Access Privileges | 5.1.1.1 | IA-01, IA-02 | IAC-01 |
| 500.08 | Application Security | 10.2.1.1, 10.2.1.2 | SA-05, SA-08 | TDA-06 |
| 500.09 | Risk Assessment | 1.2.1.5 | PM-09, RA-01, RA-03 | RSK-01 |
| 500.10 | Cybersecurity Personnel and Intelligence | 2.1.4.1 | PM-15, AT-03, AT-03(a), PS-02(b) | OPS-02, THR-01 |
| 500.11 | Third Party Service Provider Security Policy | 10.1.1.1, 10.2.7.1 | SA-01, SA-12, SA-12(b), SA-14 | TPM-01 |
| 500.12 | Multi-Factor Authentication | 5.2.4.2 | IA-02(b) | DCH-18, IAC-06 |
| 500.13 | Limitations on Data Retention | 4.3.2.1, 4.3.2.2 | AU-11, SI-12, DM-02 | PRI-05 |
| 500.14 | Training and Monitoring | 3.2.2.2, 3.2.2.3 | PM-13, AT-01, AT-02, AT-03, AT-04 | SAT-01 |
| 500.15 | Encryption of Nonpublic Information | 4.2.3.3, 6.1.1.1, 6.1.1.4, 6.1.1.5 | MP-04(a), MP-05(b), AC-17(b), AC-19(a), SC-08, SC-08(a), SC-28, SC-28(a) | CRY-01, CRY-03, CRY-05 |
| 500.16 | Incident Response Plan | 12.1.1.1, 12.1.2.1, 12.1.5.1, 12.1.7.1 | IR-01, IR-04, IR-06, IR-07(b), IR-08, IR-10 | IRO-01, IRO-04 |
| 500.17 | Notices to Superintendent | 12.1.2.1 | IR-07 | IRO-10, IRO-15 |

Cost Savings Comparison

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:

Written Information Security Program (WISP) Cost Savings Estimate

As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a WISP from ComplianceForge costs approximately 4% ($17,000+ savings) of what it costs to write your own documentation and 2% ($41,000+ savings) of what it costs to hire a consultant to write it for you!


Digital Security Program (DSP) Cost Savings Estimate

Similar to the WISP example above, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a DSP from ComplianceForge costs approximately 17% ($37,000+ savings) of what it costs to write your own documentation and 8% ($90,000+ savings) of what it costs to hire a consultant to write it for you!
