Secure Controls Framework
Download The SCF
NY DFS Part 500

What are the NY DFS Part 500 incident reporting requirements?

Direct Answer

Covered entities must notify DFS within 72 hours of a cybersecurity event that has a reasonable likelihood of materially harming normal operations or that requires reporting under other laws. Covered entities must also notify DFS within 24 hours of making a ransom payment and provide details within 30 days. Third-party cybersecurity events affecting the covered entity must also be reported within 72 hours.

Keep Exploring

Relevant Resources

References

Authoritative Sources