New York
23 NYCRR 500
On March 1, 2017, the New York State Superintendent of Financial Services put into effect 23 NYCRR Part 500, a cybersecurity regulation requiring organizations that provide financial services (Covered Entities) in the state of New York to adhere to certain cybersecurity standards.
BitSpartan helps Covered Entities become compliant with 23 NYCRR 500 by offering a range of information security and cybersecurity services that enable organizations to adhere to the security requirements of 23 NYCRR 500.

Covered Entities
The New York Cybersecurity Regulation applies to organizations regulated by the Department of Financial Services that are authorized to conduct business in the state under the state's banking, financial services, or insurance laws. A few examples are:

Mortgage Companies

Credit Unions

Life Insurance Companies

Licensed Lenders

Trust Companies
The Process
Here are five major steps to becoming 23 NYCRR 500 compliant. This is a repeating process, as Covered Entities are required to file their certificate of compliance each year. We can help in any of these areas.
1. Define in-scope systems and processes
2. Gap Assessment against the 15 sections
3. Remediation and Review
4. Submit Certification of Compliance
5. Maintain Compliance
Requirement Overview
23 NYCRR 500
The core of the compliance requirements is the 15 security sections listed below. Each section is broken down into sub-sections, which are essentially cybersecurity controls, standards, and best practices. Individuals and entities are required to implement these security standards and validate their effectiveness to ensure compliance. This is where we come in.
What does BitSpartan offer?
Our suite of cybersecurity services, which we provide directly or through our trusted partners, will help you implement the requirements of the 15 sections. We offer 23 NYCRR 500 readiness and gap assessments, cyber risk assessments, vulnerability assessments, penetration testing, security program development, incident response plans, policy development, blue and red team operation services, and more.
Requirement Sections

500.02 Cybersecurity Program

500.03 Cybersecurity Policy

500.04 Chief Information Security Officer

500.05 Penetration Testing and Vulnerability Assessments

500.06 Audit Trail

500.07 Access Privileges

500.08 Application Security

500.09 Risk Assessment

500.10 Cybersecurity Personnel and Intelligence

500.11 Third Party Service Provider Security Policy

500.12 Multi-Factor Authentication

500.13 Training and Monitoring

500.14 Training and Monitoring

500.15 Encryption of Nonpublic Information

500.16 Incident Response Plan

We can help guide you through it all. It's what we do.
NYDFS performs routine examinations and compliance reviews. The ability to demonstrate compliance and provide proper documentation is crucial during an audit or post-breach incident review. BitSpartan can help organizations of any size with their New York Cybersecurity Regulation Compliance initiatives.
23 NYCRR 500 Compliance Services

General advisory and consulting services

Cyber Risk Assessments, Penetration Testing, Vulnerability Assessments

23 NYCRR 500 Readiness and Gap Assessments

Third-party vendor assessment, training and awareness programs

Security Program Development, Incident Response Plan, Policy Development

An entire suite of services to help achieve or maintain compliance

Ready for help?
We know what you're looking for and we know how to get you there. That's because, from a business perspective, we understand where you need to be. The majority of BitSpartan consultants transitioned from technical IT roles to management, where they provided governance, risk, and compliance expertise to top organizations in the private and public sectors. In the field, all consultants are either CISA, CGEIT, or CRISC certified, or are trained and supervised by these certified professionals. Our strong technical and IT governance background, blended with assurance expertise, makes our team of consultants one of the best in the industry.