The New York State Dept. of Financial Services (DFS) has released a revised draft of its proposed cybersecurity regulation for banks, insurance companies and other financial services, Cybersecurity Requirements for Financial Services Companies (PDF).
The updated regulation requires organizations to develop a cybersecurity program and written policy to protect the integrity and privacy of confidential data.
The DFS also pushed back the implementation deadline from the original date of Jan. 1, 2017 to March 1, 2017. Organizations must meet compliance requirements within 180 days of the regulation’s effective date.
The new regulations also require organizations to notify the DFS within 72 hours of determining that a security incident has occurred.
The DFS requires organizations to use multi-factor authentication or risk-based authentication to protect against unauthorized access to nonpublic information systems.