The NYDFS’ Cybersecurity Regulation’s Third-Party Requirement and Beyond

New York State Department of Financial Services’ Cybersecurity Regulation’s last rolling requirement concentrated on third-party management. Among other things, that provision, Section 500.11, which took effect March 1, 2019, requires the adoption of processes that address the identification and risk assessment of third parties and the minimum cybersecurity practices they must meet. The Cybersecurity Law Report spoke with Mike Stiglianese, technology and cybersecurity managing director for the financial services industry at BDO, about the regulation’s third-party requirements, the enforcement climate, and the potential far-reaching effects of the law. See also “The Hidden Requirements in NYDFS’ Cybersecurity Regulation” (Oct. 24, 2018) and our webinar, “Tackling the NYDFS Cybersecurity Regulation’s Ongoing Challenges” (Dec. 6, 2018).

To read the full article

Continue reading your article with a CSLR subscription.