• About
  • Solutions
    • Products
      • SecureMail Gateway
      • Fast&Secure
      • Consulting Services
    • Technologies
      • SecureTier
      • Data Leak Prevention
  • Pricing
  • Partners
    • Technology Partners
    • Reseller Programs
  • Resources
    • Whitepapers
    • Knowledge Base
    • Latest News
  • Contact
    • Contact Info
    • Open a Support Request

Call Toll free (855) 614-2378

sales@globalcerts.net
Manage account
GlobalCertsGlobalCerts
GlobalCertsGlobalCerts
  • About
  • Solutions
    • Products
      • SecureMail Gateway
      • Fast&Secure
      • Consulting Services
    • Technologies
      • SecureTier
      • Data Leak Prevention
  • Pricing
  • Partners
    • Technology Partners
    • Reseller Programs
  • Resources
    • Whitepapers
    • Knowledge Base
    • Latest News
  • Contact
    • Contact Info
    • Open a Support Request

Nation’s First CyberSecurity Regulations Take Effect

Home UncategorizedNation’s First CyberSecurity Regulations Take Effect
Nation’s First CyberSecurity Regulations Take Effect

Nation’s First CyberSecurity Regulations Take Effect

August 31, 2017

New York state has made history as the first state to enact a set of cybersecurity regulations for all entities who do business with the state. The regulations that first took effect in March this year (23 NYCRR Part 500) are now mandatory starting August 28th. These regulations now require all banks, insurance companies, mortgage brokers and other financial institutions to establish written policies annually that describe how they penetration test their networks, assess software vulnerabilities, train their employees in cybersecurity awareness, etc. It requires all organizations that must comply with the regulation to establish a Chief Information Security Officer (CISO) to oversee all security related training, activities, and implementation of the cybersecurity policy.

The regulation also establishes requirements for encryption of sensitive data, both within the network and during communication:

Section 500.15, “Encryption of Nonpublic Information,” requires each
Covered Entity to implement controls, including encryption, based on the
Covered Entity’s Risk Assessment, to protect Nonpublic Information held
or transmitted by the Covered Entity both in transit over external networks
and at rest. This section allows for the use of effective compensating
controls to secure Nonpublic Information in transit over external networks
and at rest if encryption of such is infeasible. Such compensating controls
must be reviewed and approved by the Covered Entity’s CISO. To the
extent that a Covered Entity is utilizing compensating controls, the feasibility
of encryption and effectiveness of the compensating controls shall
be reviewed by the CISO at least annually.

It’s evident that New York State is taking the recent spike in highly publicized ransom-ware attacks, data leaks, and other cyber attacks extremely seriously. But this not only affects the operations of organizations registered in the state. It is a requirement for ALL entities that do business in the state, even if they are registered out-of-state, or even out-of-country. Similar to the upcoming GDPR regulations put out by the EU, these regulations are expected to have wide-ranging effects rippling across the US. It is very likely that many other states are likely follow suit and enact similar cybersecurity regulations, which may lead to a consolidated set of federal regulations in the not to distant future.

GlobalCerts can serve an integral role in helping your organization comply with the regulations set forth in 23 NYCRR Part 500.  Our SecureMail Gateway solution can help by protecting your non-public information as it leaves your network through email, one of the most common sources of data leaks. The integrated DLP technology can be configured to automatically detect private information leaving your organization through email and automatically encrypt it, block it or notify your Information Security (IS) department. Contact us today to find out how easy we make it to comply with this and other cybersecurity regulations.

Sources:

Summary of Regulation Sections: https://docs.dos.ny.gov/info/register/2017/march1/pdf/Rule%20Making%20Activities.pdf
Press Release from NY State: http://dfs.ny.gov/about/press/pr1708281.htm

Full text available here: http://dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf

 


Share

You also might be interested in

TLS 1.0 End of Support

TLS 1.0 End of Support

Jun 25, 2018

IMPORTANT NOTICE: GlobalCerts will be removing support for TLS 1.0 from[...]

picture of computer networks

Critical Log4J Vulnerability

Dec 12, 2021

Note: GlobalCerts’ SecureMail Gateway products and services do not utilize[...]

Digital Signature Growth
Concept of digital screen, virtual connection icon, diagram, graph interfaces.Man working with laptop at office at wooden table.Reflections on glass surface.Flares effect.Horizontal

Digital Signature Growth

Nov 13, 2018

With more businesses looking to automate and streamline as many[...]

Contact Us

Have a question? We'd love to hear from you!

Send Message
See how GlobalCerts can secure your organization's email Request a Quote

Latest News

701 Palomar Airport Rd. STE 300
Carlsbad, CA 92011
(855) 614-2378
info@globalcerts.net

Site Search

Copyright © 2025 GlobalCerts LLC, All Rights Reserved Site Map | Privacy Policy | Legal Disclaimer