Self Assessment Tool for NYDFS (New York Department of Financial Services) Cyber Security Regulation


Self Assessment Tool - for NYDFS Cyber Security Regulation Compliance.

New York Governor, Andrew Cuomo, has rolled out a new first-in-the-nation regulation to protect New York State from the ever-growing threat of cyber-attacks. It will take effect on March 1, 2017.

The regulation requires banks, insurance companies, and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry. 

It requires regulated financial institutions to do the following:

  • Establish a Cybersecurity program; adopt a written Cybersecurity policy;
  • Designate a Chief Information Security Officer responsible for implementing, overseeing and enforcing its new programs and policies;
  • Have policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties,
  • Various other requirements to protect the confidentiality, integrity and availability of information systems.

Though there is a 180-day window to comply after March 1st, as a financial services entity in the state of New York, it makes smart sense to be aware of the requirements, and know the gaps sooner, so that come March 1, you are prepared with a plan.  

Based on the requirements stated in the regulation, we at Aujas have put together a Excel based self-assessment tool to help you evaluate the compliance, control effectiveness, associated risk exposure, and program maturity levels of your current cyber security program.

The self-assessment tool can be downloaded by filling the short form in this page 

(This is an MS Excel based tool covering all sections and sub-sections, and mapping with ISO27001:2013 and NIST 800-53)