NY DFS Part 500 requires covered entities to conduct annual penetration testing of their information systems by a qualified internal team or external vendor. Class A companies face additional prescriptive requirements around penetration testing methodology. Penetration test results and remediation actions must be documented and available to DFS examiners.
Keep Exploring
References