New cybersecurity requirements fast approaching for New York financial firms
Many financial firms have mere days to notify New York about whether they have complied with the state’s strict cybersecurity regulations, and to gear up for new requirements rolling out May 1 and beyond.
Annually by April 15, financial businesses must submit a Certification of Material Compliance or an Acknowledgment of Noncompliance, which specifies what still needs to be done. Companies with limited exemptions must submit the notification by April 15 but those with full exemptions do not need to contact NYDFS, the department said.
Additional requirements adopted under the 2023 amendments are rolling out this year, with the first set to hit May 1, focused on secure data access. By that date, all businesses covered by the cyber rules must have policies in place that limit user access to accounts, they must disable or make secure all protocols regarding remote control of devices, and they must take other measures to secure account access.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
More from Regulatory Policy
-
News BriefWith “stroke of a pen,” CFPB withdraws controversial guidance docs issued under Dems
The Consumer Financial Protection Bureau has rescinded 39 guidance documents that had provided insight into the regulator’s thinking on a host of topics, including enforcement practices and how companies should handle customer complaints.
-
Basic PageNew DOJ policy means heat is off corporate crime and on drug kingpins
The Department of Justice is moving the enforcement of all but the most heinous white-collar crimes onto the back burner and putting investigations of drug kingpins, illegal immigration, and sanctions evasions up front, Matthew Galeotti, head of the DOJ’s Criminal Division, said Monday.
-
News BriefSEC Chair Atkins advances Trump’s pro-crypto efforts, promising first market rules
The head of the Securities and Exchange Commission promised new sets of rules around cryptocurrency assets, saying his team intends to lay out regulatory frameworks around custody and “qualified custodians,” as well as guidelines around issuing and trading. The expected move marks the latest step in the U.S. government’s embrace ...