Secure Controls Framework
Download The SCF
NY DFS Part 500

Does NY DFS Part 500 require Multi-Factor Authentication?

Direct Answer

Yes. The 2023 amendments require MFA for all remote access to the covered entity's information systems and for all privileged accounts. Exceptions are available only where the CISO documents that alternative controls provide equivalent security, but MFA is the standard requirement. Class A companies face stricter MFA implementation timelines.

Keep Exploring

Relevant Resources

References

Authoritative Sources