What are 23 NYCRR 500 for Financial Services Requirements?

A first in the US, 23 NYCRR 500 highlights a risk-driven approach to protecting consumer information.



  • Protect nonpublic information (Section 500.01 Definitions. (g) Nonpublic Information)
  • Appoint a CISO to oversee, implement and report to your Board of Directors (Section 500.04 Chief Information Security Officer)
  • Maintain audit trails for not fewer than five years (Section 500.06 Audit Trail)
  • Third party service providers must implement and ensure the security of their systems and nonpublic information (Section 500.11 Third Party Service Provider Security Policy)
  • Based on your risk assessment, you should use effective controls which may include multi-factor or risk-based authentication (Section 500.12 Multi-Factor Authentication)
  • Data retention limitations: periodically destroy Nonpublic Information identified in Section 500.01(g)(2)-(3) (Section 500.13 Limitations on Data Retention)
  • Train and monitor your users (Section 500.14 Training and Monitoring)
  • Encrypt Nonpublic Information: based on your Risk Assessment, you should implement controls, including encryption, to protect Nonpublic Information held or transmitted, both in transit over external networks and at rest (Section 500.15 Encryption of Nonpublic Information)
  • Notify the Superintendent of breaches within 72 hours from the determination that a Cybersecurity event has occurred (Section 500.17 (a) Notices to Superintendent)
  • Annual submission of regulatory compliance statement (Section 500.17 Notices to Superintendent)



How can GTB Technologies for Financial Services Solutions help?

GTB Data Protection for NYDFS

See for yourself: GTB has solved the market limitation of false positive rates and has been consistently highlighted as a Gartner Visionary for providing a comprehensive enterprise Data Loss Prevention solution at a highly attractive price with a fast time to value, including receiving the highest-rated critical capability scoring in data discovery and ease of deployment.
