The New York State Department of Financial Services (NYS DFS) created a first-in-nation regulation that mandates cybersecurity standards to covered entities in New York within the financial services, banking, and insurance industries. As of March 1st, 2017 the NYS DFS 23 NYCRR 500 standard has officially been promulgated and organizations effected by this regulation will need to start adhering to this standard. The regulation aims to protect the information systems, data, and process of how an organization performs cybersecurity.

Whether a small company looking to get started or a large organization with a cybersecurity program already established, our services can be broken down into multiple areas of assistance. We offer fully managed solutions, assessments or implementation engagements to aid organizations into complying with the NYS DFS Cybersecurity regulation at every level. Get in contact with us today to speak about how we can help and check out our Getting Started Compliance Guide.

NYS DFS Cybersecurity Assessment Benefits

  • vCISO
  • Risk Assessments
  • Policy & Procedures
  • Third Party Vendor Reviews
  • Managed SIEM
  • IT Audit
  • Incident Response
  • Security Awareness Training
  • Penetration Testing
  • Vulnerability Management
  • Sensitive Data Discovery
  • Access Privilege Review

Purchase from Our OGS Contract

Visit our State Contract Page for more information

Cybersecurity Bundles

CCSI offers turnkey and custom cybersecurity solutions that feature field-tested products and services from proven vendors. Our consultative, vendor-agnostic approach provides multiple options for on-premise, virtual, and cloud-based deployment. We offer different service bundles to meet our client’s needs and custom packages are available.

Assists clients with determining where their security gaps and data issues resides. This meets all NYS DFS Cybersecurity regulations when it comes to securing, discovering, and auditing data.

  • Data Discovery & Access Privilege Review (500.07)
  • Encryption review of non-public data (500.15)
  • Third party vendor review (500.11)
  • Risk assessment (500.09)

Geared towards assisting clients with meeting the defensive needs from a technical perspective that the NYS DFS requires.

  • Penetration Testing (500.05a)
  • Security Awareness (500.14b)
  • SIEM/Cybersecurity Monitoring (500.07, 500.10, 500.14a)
  • Vulnerability Management (500.05b)

For clients that require managed services or implementation needs as it relates to the NYS DFS requirements.

  • Access Privilege Solutions (500.07)
  • Audit Trail Review Solutions (500.06)
  • Multi-factor Authentication Solutions (500.12)
  • Vulnerability Management (500.05b)

For clients who need assistance filling Cybersecurity resources in the CISO, engineering and analyst roles.

  • CISO (500.04a)
  • Cybersecurity Personnel and Intelligence (500.10)

Aimed to complete all written aspect of the NYS DFS regulation while working closely with you to align your business needs to the documentation.

  • Application Security Process (500.08)
  • CISO Reporting (500.04b)
  • Cybersecurity Policy and Procedure (500.03)
  • Incident Response Plan (500.16)

NYS DFS Cybersecurity Resources

Learn more about the NYS DFS Cybersecurity Regulation via the resources below and the NYS DFS Cybersecurity Guide.



As of March 1 2017, the New York State Department of Financial Services deployed new regulations that are aimed at making organizations more compliant and secure from threats.



Make sure your organization is ready for each transitional period. Check out this Road Map Infographic that highlights the regulation phases that your business needs to comply to.

NYS DFS Regulation


CCSI’s Larry Bianculli discusses NYS DFS regulation with Matthew Pascucci. They discuss the overall requirements, what organizations are affected, and how to go about implementing the regulation.

How to File the Annual Certification of Compliance

Matthew Pascucci from CCSI, Gabrial Gumbs from STEALTHbits, and Paul Ferrillo from Weil’s Litigation discuss the NYS DFS 23 NYCRR 500 Certification of Compliance and how to submit the certification due on February 15.

To find out more, contact us today.