Home » New Infosec Requirements Take Effect in NY State

New Infosec Requirements Take Effect in NY State

If you’re a financial services company doing business in New York state, March 1 was your deadline to file for your first annual certification with 23 NYCRR 500. This is the state’s groundbreaking cybersecurity regulation that mandates risk assessments, vulnerability assessments, penetration testing, multifactor authentication, and end-user awareness training.

Covered companies have already been required since August to report not just breaches of personally identifiable information (PII), but any other event that has a “reasonable likelihood” of causing material harm to normal operations. The law says companies must report these events within 72 hours.

Xantrion can help you bring your information security up to New York state’s rigorous standards. Call us to get started.