New York Financial Institutions: There’s a New Certification Due Soon!

Time is running out for financial institutions in New York State to submit their first certification for 23 NYCRR Part 500.

New regulation

23 NYCRR Part 500 is a new cybersecurity regulation set up in March of 2017 which requires financial organizations in New York State to implement cybersecurity policies addressing topics such as information security, asset inventory, device management, customer data privacy, penetration testing, and incident response. Compliance with this regulatory policy is intended to help organizations secure customer data and ensure cybersecurity best practices are being implemented.

The first regulatory deadline is fast approaching – all covered entities must submit a certification of compliance by February 15, 2018.

Meeting compliance

Struggling to meet the requirements of 23 NYCRR Part 500? CIS is here to help! Our cybersecurity tools and best practices can help financial organizations make this transition as smooth as possible.

Do it yourself

Start by downloading these free resources: the CIS Controls and CIS Benchmarks, which are recognized as industry guidelines and cybersecurity standards for everything from organizational policy down to specific system configurations. The CIS Controls are mapped to other regulatory frameworks such as NIST and provide actionable policy suggestions prioritized based on today’s threat environment. The CIS Benchmarks provide consensus-based configuration guidance for more than 100 technologies.

Automate the process

Organizations can enroll in a time- and money-saving CIS SecureSuite Membership, which automates our policy guidance through an integrated set of tools and resources. The highlight of membership is CIS-CAT Pro, a configuration assessment tool which tests compliance with CIS Benchmarks in just minutes. CIS-CAT Pro Dashboard, a companion tool to CIS-CAT Pro, allows users to view compliance over time, with a CIS Controls view into their assessment scores. CIS SecureSuite Membership also includes access to our remediation kits, GPOs and shell scripts which immediately apply secure CIS Benchmark settings to a target machine. With customizable CIS-CAT Pro implementation and technical support included, CIS SecureSuite Membership helps organizations start secure and stay secure.

Learn more about a CIS SecureSuite Membership

Working in the cloud? Take the CIS Benchmarks with you!

If the majority of your organization’s work is taking place on virtual machines, implement security from the start with CIS Hardened Images. CIS Hardened Images are pre-hardened to meet the security recommendations contained within the CIS Benchmarks. They’re available for multiple platforms on Microsoft Azure, the AWS Marketplace, and Google Cloud Platform.