23 NYCRR 500 (US)

The State of New York adopted a rule in March 2017 that imposes a new set of cybersecurity requirements (23 NYCRR 500) on financial institutions that are licensed or authorized to do business by the New York State Department of Financial Services (DFS). This regulation is designed to protect customer data and the information technology systems of regulated institutions. It requires each financial institution to assess its specific risk profile and design a program that addresses the risks.

ORock has prepared a guidance document called ORock NYCRR Compliance Support Document to explain how financial institutions can comply with 23 NYCRR 500 requirements.