DarkReading called it “one of the harshest cybersecurity regulations to hit companies in the US,” and the grace period for compliance expired last Monday. It’s called the Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), and it’s a New York state regulation with global reach.
If you’re not familiar with Part 500, I’ve attached a couple of links you might find interesting. The regulation covers financial institutions as well as third-party entities serving them. That last detail means you might be affected even if you’re nowhere near Manhattan.
Part 500 mandates breach reporting within 72 hours of an event. As a security professional, you know that’s not much time to detect, understand, and remediate a breach. That’s where Lacework’s cloud security solution shines. We blend real-time breach detection with the industry’s most powerful tools for incident investigation. We give you a fighting chance to have the breach fixed before it hits the regulator’s desk.
As promised, here are a few articles I’ve found on Part 500:
- Dark Reading has a great overview of the regulation and its impacts with CISO-level technical detail.
- New York Law Journal has some great real-world advice along with the legalese. A good resource if you’re trying to understand whether you’re affected.
- The Wall Street Journal (paywall) summarizes the business impact of the regulation.