Secure Controls Framework
Download The SCF
NY DFS Part 500

What are the NY DFS Part 500 penetration testing requirements?

Direct Answer

NY DFS Part 500 requires covered entities to conduct annual penetration testing of their information systems by a qualified internal team or external vendor. Class A companies face additional prescriptive requirements around penetration testing methodology. Penetration test results and remediation actions must be documented and available to DFS examiners.

Keep Exploring

Relevant Resources

References

Authoritative Sources