E-mail
 Print
Technology Blog »

Compliance Deadline for 23 NYCRR 500 is Close

overview of the deadline dates for compliance for several components of New York's new Cybersecurity rule, 23 NYCRR 500
posted by Richard Delaney, CTO

July 25, 2017

23 NYCRR 500 - DEADLINE FOR COMPLIANCE IS 8/28/2017

The following are compliance deadlines dates for several compliance milestone dates of New York's  Cybersecurity rule, 23 NYCRR 500

August 28, 2017

  • Cybersecurity program in place
  • Cybersecurity policy created
  • Designation of a CISO
  • Limitation of user access privileges
  • Use, training and verification of cybersecurity personnel and intelligence
  • Development of an incident response plan

February 15, 2018

March 1, 2018

  • Monitoring and periodic penetration testing and vulnerability assessments
  • Risk assessment+
  • Multi-factor authentication
  • Training and monitoring
  • First CISO report to board of directors

September 1, 2018

  • Implementation of audit trail
  • Application security
  • Limitations on data retention+
  • Establishment of a monitoring program
  • Encryption of nonpublic information

March 1, 2019

  • Creation of third party service provider security policy +

Read More About NYCRR 23 500

+Not subject to exemptions: These are just a summary of the more prominent regulations. See the 23 NYCRR 500 for the entire regulation.


Your Firewall and Antivirus alone won’t protect you from vulnerabilities like CryptoWall, ShellShock, and other Zero-Day threats. Only a professional can help!

Call Now!
Contact Us