NYDFS is an acronym for the New York Department of Financial Services. NYDFS established a set of cybersecurity requirements under the NYDFS Cybersecurity Regulation or 23 NYCRR Part 500. These requirements apply to financial services firms and compel them to create a cybersecurity program that addresses the following areas:
- information security
- data governance and classification
- asset inventory and device management
- access controls and identity management
- business continuity and disaster recovery planning and resources
- systems operations and availability concerns
- systems and network security
- systems and network monitoring
- systems and application development and quality assurance
- physical security and environmental controls
- customer data privacy
- vendor and Third Party Service Provider management
- risk assessment
- incident response