Technology Blog »

Compliance Deadline for 23 NYCRR 500 is Close

overview of the deadline dates for compliance for several components of New York's new Cybersecurity rule, 23 NYCRR 500

23 NYCRR 500 - DEADLINE FOR COMPLIANCE IS 8/28/2017

There are varying compliance deadlines for several components of New York's new Cybersecurity rule, 23 NYCRR 500.22.  The following is an overview of the deadline dates:

August 28, 2017

  • Cybersecurity program in place
  • Cybersecurity policy created
  • Designation of a CISO
  • Limitation of user access privileges
  • Use, training and verification of cybersecurity personnel and intelligence
  • Development of an incident response plan

February 15, 2018

  • First annual certification of compliance+

March 1, 2018

  • Monitoring and periodic penetration testing and vulnerability assessments
  • Risk assessment+
  • Multi-factor authentication
  • Training and monitoring
  • First CISO report to board of directors

September 1, 2018

  • Implementation of audit trail
  • Application security
  • Limitations on data retention+
  • Establishment of a monitoring program
  • Encryption of nonpublic information

March 1, 2019

  • Creation of third party service provider security policy+

Read More About NYCRR 500

+Not subject to exemptions: These are just a summary of the more prominent regulations. See the 23 NYCRR 500 for the entire regulation.