Compliance Deadline for 23 NYCRR 500 is Close
by Richard Delaney, CTO
23 NYCRR 500 - DEADLINE FOR COMPLIANCE IS 8/28/2017
The following are compliance deadlines dates for several compliance milestone dates of New York's Cybersecurity rule, 23 NYCRR 500
August 28, 2017
- Cybersecurity program in place
- Cybersecurity policy created
- Designation of a CISO
- Limitation of user access privileges
- Use, training and verification of cybersecurity personnel and intelligence
- Development of an incident response plan
February 15, 2018
March 1, 2018
- Monitoring and periodic penetration testing and vulnerability assessments
- Risk assessment+
- Multi-factor authentication
- Training and monitoring
- First CISO report to board of directors
September 1, 2018
- Implementation of audit trail
- Application security
- Limitations on data retention+
- Establishment of a monitoring program
- Encryption of nonpublic information
March 1, 2019
- Creation of third party service provider security policy +
+Not subject to exemptions: These are just a summary of the more prominent regulations. See the 23 NYCRR 500 for the entire regulation.