Statutes, codes, and regulations
New York Codes, Rules and Regulations
Title 23 - FINANCIAL SERVICESChapter I - Regulations of the Superintendent of Financial Services
Part 500 - CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
Section 500.10 - Cybersecurity Personnel and Intelligence

N.Y. Comp. Codes R. & Regs. tit. 23 § 500.10

Download
PDF
Current through Register Vol. 46, No. 25, June 18, 2024
Section 500.10 - Cybersecurity Personnel and Intelligence
(a) In addition to the requirements set forth in section 500.4(a) of this Part, each covered entity shall:
(1) utilize qualified cybersecurity personnel of the covered entity, an affiliate or a third-party service provider sufficient to manage the covered entity's cybersecurity risks and to perform or oversee the performance of the core cybersecurity functions specified in section 500.2(b)(1)-(6) of this Part;
(2) provide cybersecurity personnel with cybersecurity updates and training sufficient to address relevant cybersecurity risks; and
(3) verify that key cybersecurity personnel take steps to maintain current knowledge of changing cybersecurity threats and countermeasures.
(b) A covered entity may choose to utilize an affiliate or qualified third-party service provider to assist in complying with the requirements set forth in this Part, subject to the requirements set forth in sections 500.4 and 500.11 of this Part.

N.Y. Comp. Codes R. & Regs. Tit. 23 § 500.10

Adopted, New York State Register March 1, 2017/Volume XXXIX, Issue 09, eff. 3/1/2017
Amended New York State Register November 1, 2023/Volume XLV, Issue 44, eff. 11/1/2023