N.Y. Comp. Codes R. & Regs. Tit. 23 § 500.2 - Cybersecurity Program
(a) Each covered entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the covered entity's information systems and nonpublic information stored on those information systems.
(b) The cybersecurity program shall be based on the covered entity's risk assessment and designed to perform the following core cybersecurity functions:
(1) identify and assess internal and external cybersecurity risks that may threaten the security or integrity of nonpublic information stored on the covered entity's information systems;
(2) use defensive infrastructure and the implementation of policies and procedures to protect the covered entity's information systems, and the nonpublic information stored on those information systems, from unauthorized access, use or other malicious acts;
(3) detect cybersecurity events;
(4) respond to identified or detected cybersecurity events to mitigate any negative effects;
(5) recover from cybersecurity events and restore normal operations and services; and
(6) fulfill applicable regulatory reporting obligations.
(c) Each class A company shall design and conduct independent audits of its cybersecurity program based on its risk assessment.
(d) A covered entity may meet the requirement(s) of this Part by adopting the relevant and applicable provisions of a cybersecurity program maintained by an affiliate, provided that such provisions satisfy the requirements of this Part, as applicable to the covered entity.
(e) All documentation and information relevant to the covered entity's cybersecurity program, including the relevant and applicable provisions of a cybersecurity program maintained by an affiliate and adopted by the covered entity, shall be made available to the superintendent upon request.