Precisely offers IBM i data security products to help you protect sensitive data & meet compliance


What is 23 NYCRR 500?

23 NYCRR 500 is also known as the New York Department of Financial Services (NYDFS) Cybersecurity Regulation. 

23 NYCRR 500 requires banks and financial services companies to implement a detailed cybersecurity framework to better protect consumer and institution data privacy. All licensed lenders, mortgage companies, private banks, service contract providers, state-chartered banks, and all agencies and branches of non-US banks licensed in the state of New York must comply with the new regulation. 

NYDFS Cybersecurity Regulations

Implemented in response to the growing cybersecurity risk environment facing US financial institutions, the regulation aims to mitigate the increasingly volatile risk climate through regular cybersecurity risk profile assessment reporting and a demonstration of reasonable care in preventing data breaches. 

Five IT Security Best Practices Derived from 23 NYCRR 500


To comply with the 23 NYCRR 500 regulation, certain minimum standards have been registered to assist financial institutions in hardening their cybersecurity apparatus. This includes the following: 

  • Risk-based minimum standards for information technology systems, including data protection and encryption, multi-factor authentication, access controls, and penetration testing.

  • Requirements that a security program is adequately funded, overseen by a chief information security officer, and implemented by qualified cybersecurity personnel.

  • Incident response planning that includes data preservation mechanisms, as well as the requirement to provide notice to the NYDFS in the event of a breach. 

  • Audit trails and annual reporting, designed to prevent, detect, and respond to a material event. 

  • Enhanced accountability through the identification and documentation of risks, remediation plans, and security compliance regulations. 

With the regulation rolling out in phases since March 1, 2017, important compliance dates have already passed. However, it is never too late to begin an NYDFS Cybersecurity Regulation compliance regime. 

Precisely recognizes the size and scope of the task and can help businesses both achieve and accelerate compliance with this regulation. Precisely provides a proactive and preventative data-driven approach to deterring and responding to cybersecurity threats through its security products and services. 

See how Assure Security -- Precisely's IBM i security and compliance solution -- can help you comply with 23 NYCRR 500 regulations.