NYDFS Cybersecurity Regulations

Supporting NYDFS Compliance

Boldon James Classifier applies metadata and visual markings to Non-Public Information (NPI), allowing downstream processes and solutions to apply the controls and characteristics stipulated in 23 NYCRR 500. NPI is defined in 23 NYCRR 500, Section 500.01(g).

Boldon James visual markings and metadata labels provide:

Ensuring appropriate control of confidential or sensitive information

  • Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements
  • Alerting users when personal data is leaving the organisation, to warn them or to prevent them from sending messages that contain sensitive information
  • Educating users about the sensitivity of data whilst ensuring adherence to corporate policy
  • Providing critical audit information on classification events to enable remediation activity and to demonstrate the compliance position to regulatory authorities
  • Enabling rapid search and data retrieval based on classification labels to support subject access requests
  • Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management
  • Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements
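The mechanism described in the list above, a classification label carried in message metadata that drives an outbound control (warn or block when data leaves the organisation) and produces an audit record of the decision, shown as an added Python example. This is illustrative code, not Boldon James Classifier code; the `X-Classification` header name, the `example.com` internal domain, the label ordering and the sample messages are all assumptions constructed for the example.

```python
"""Label-driven outbound mail check (added example, not Boldon James code).

Assumptions, not taken from the page:
  - the classification label travels in a hypothetical 'X-Classification' header
  - the organisation's own mail domain is example.com
  - labels are ordered PUBLIC < INTERNAL < CONFIDENTIAL < NPI
"""
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import getaddresses
from enum import IntEnum

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own domains
LABEL_HEADER = "X-Classification"    # hypothetical header carrying the label


class Label(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    NPI = 3   # Non-Public Information in the sense of 23 NYCRR 500.01(g)


# Policy for a message at a given label leaving the organisation:
# "allow" passes silently, "warn" alerts the sender, "block" prevents the send.
EXTERNAL_ACTION = {
    Label.PUBLIC: "allow",
    Label.INTERNAL: "warn",
    Label.CONFIDENTIAL: "block",
    Label.NPI: "block",
}


@dataclass
class Decision:
    action: str
    label: Label
    external_recipients: list = field(default_factory=list)
    reason: str = ""


def parse_label(raw):
    """Map the header value to a Label. A missing or unknown label is treated
    as NPI so that unclassified data gets the most restrictive handling."""
    if raw is None:
        return Label.NPI
    try:
        return Label[raw.strip().upper()]
    except KeyError:
        return Label.NPI


def external_recipients(msg):
    """Return recipient addresses whose domain is not one of ours."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    result = []
    for _, addr in getaddresses(headers):
        domain = addr.rpartition("@")[2].lower()
        if domain and domain not in INTERNAL_DOMAINS:
            result.append(addr)
    return result


def evaluate(raw_message):
    """Decide allow/warn/block for one RFC 822 message string."""
    msg = message_from_string(raw_message)
    label = parse_label(msg.get(LABEL_HEADER))
    ext = external_recipients(msg)
    if not ext:
        return Decision("allow", label, [], "all recipients internal")
    return Decision(EXTERNAL_ACTION[label], label, ext,
                    f"label {label.name} leaving the organisation")


def audit_event(decision, message_id):
    """Structured audit record of a classification decision for later review."""
    return {"message_id": message_id, "label": decision.label.name,
            "action": decision.action,
            "external_recipients": decision.external_recipients,
            "reason": decision.reason}


# Constructed sample messages (not real mail).
SAMPLE_NPI = """From: analyst@example.com
To: broker@partner-bank.test
Cc: colleague@example.com
X-Classification: NPI
Message-ID: <c1@example.com>
Subject: Account statement

Body"""

SAMPLE_INTERNAL_ONLY = """From: analyst@example.com
To: colleague@example.com
X-Classification: Confidential
Message-ID: <c2@example.com>

Body"""

SAMPLE_UNLABELLED = """From: analyst@example.com
To: someone@mail.test
Message-ID: <c3@example.com>

Body"""

if __name__ == "__main__":
    for sample in (SAMPLE_NPI, SAMPLE_INTERNAL_ONLY, SAMPLE_UNLABELLED):
        d = evaluate(sample)
        print(audit_event(d, message_from_string(sample)["Message-ID"]))
```

The fail-closed default in `parse_label` is the design choice worth noting: a message without a label is handled as NPI, so a gap in labelling coverage cannot become a silent exfiltration path, and the audit record shows that the decision was made on a missing label.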

Fact Sheet: NYDFS Compliance

Whitepaper: 5 Steps To Effective Data Protection

Blog Posts:

  • NYDFS Certification Of Compliance Deadlines Loom
  • Time to comply with NYDFS Phase Three
  • Addressing the EU GDPR and New York Cybersecurity Requirements: 3 Keys to Success – Part One, Part Two & Part Three

Webinar:

  • Getting in Shape – NYDFS Cyber Security Regulations Webinar

Utilize Data Classification To Assist In 23 NYCRR 500 Compliance

The New York Department of Financial Services (NYDFS) began enforcing a new set of cybersecurity regulations for the banking, insurance, and financial sectors operating within the state of New York. The regulations were designed to encourage the development of the durable processes and procedures necessary to protect customer data and the underlying information technology systems. 23 NYCRR 500 went into effect on March 1, 2017 and applies specifically to ‘covered entities’, defined as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” For organizations attempting to verify whether they are supervised under 23 NYCRR 500, NYDFS has provided a search form and the key dates associated with each milestone. As discussed in our blog entry (Data Classification and 23 NYCRR 500), numerous cybersecurity regulations are intended, and ultimately designed, to achieve the same result: effective security throughout the data life cycle.

Data classification is a cornerstone capability in any mature data governance program; it not only supports compliance efforts but also provides the degree of transparency necessary for effective management. Recognizing the need for a solid data governance foundation, NYDFS codified data classification into the new regulation. Section 500.03 of 23 NYCRR 500 calls for the covered entity (typically the CISO) to create and maintain a Cybersecurity Policy with associated procedures “for the protection of its Information Systems and Nonpublic Information stored on those Information Systems”. Specifically, Section 500.03 (b) calls for ‘data governance and classification’ to be included among the policy areas approved by a Senior Officer or the Covered Entity’s board of directors (or an appropriate committee thereof) or equivalent governing body.

The key tasks organisations must complete to comply with 23 NYCRR 500 include:

  • Appoint a CISO (if one isn’t already in place)
  • Perform risk assessments (which must be kept up to date on an ongoing basis)
  • Document all organisational policies and procedures
  • Perform penetration testing and vulnerability assessments
  • Train all staff on a regular basis
  • Monitor your assets and create audit trails
  • Limit user privilege
  • Securely destroy unnecessary data

Supporting Organizations In Implementing Data Classification

A key area the new regulation looks to cover is the implementation of cybersecurity leadership throughout organizations by designating a qualified individual to serve as the CISO. This designated individual will be tasked with overseeing and enforcing the firm’s cybersecurity program and policy. Each organization will also need to implement regular staff training to cover specific cybersecurity risk areas. The stipulations of the new regulation make sure organizations have detection, defense and response capabilities, including regulatory reporting as well as penetration testing. Just like other new regulations, such as the European General Data Protection Regulation (GDPR), organizations must report any cybersecurity incidents to the DFS as promptly as possible (no later than 72 hours post incident). So how do organizations ensure they are compliant with 23 NYCRR 500? Evaluating the cybersecurity changes that may be required within the organization with the senior management team, including the CISO and board of directors, is a good place to start.

Key Components Necessary To Achieve And Maintain 23 NYCRR 500 Compliance

  • Creation and ongoing management of a Cybersecurity Program
  • Creation of a Cybersecurity Policy
  • Designation of a Chief Information Security Officer (CISO)
  • Penetration Testing and Vulnerability Assessments
  • Audit Trail – Maintain an audit trail designed to reconstruct material financial transactions
  • Implement and monitor ‘Least Privilege’ for access to nonpublic information
  • Establish a written Incident Response Plan (IRP)
  • Evaluation of Third-Party Service Providers and their security policies
  • Perform Penetration Testing and Vulnerability Risk Assessments
  • NYDFS Breach Notification (72 hrs.)
  • Annual Compliance Certification signed by the Chairperson of the BOD or Senior Officer(s)
Gartner Peer Insights reviews

"Great product for user awareness"

Very good customer support for implementation and operations. The product is great for improving user awareness of data classification.


"Great Customer Satisfaction and a well integrated product"

The Boldon James Engineers are very supportive in assisting with deployments, queries and handling issues.


"Helps to easily understand and implement classification"

Implementation is rather easier than with other competitive products; the administration console is also easier to understand, and everything relevant to classification is there.

Why choose Fortra's Boldon James

With unrivalled customer service and best-of-breed data protection and governance solutions, we are helping many of the world’s most successful organisations take control of their business data. Every day, our customers enjoy more effective, secure and streamlined operations, protecting their business critical information and reducing risk.

Cloud Security

We integrate with powerful data security and governance ecosystems.

Compliance

We protect business critical data, improve data control and reduce risk.


We deliver improved and streamlined business performance.

Full-Service

We are a “safe pair of hands” that constantly deliver success.


Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.