Secure Controls Framework
Download The SCF
NY DFS Part 500

What does NY DFS Part 500 require for privileged accounts?

Direct Answer

NY DFS Part 500 requires MFA for all privileged accounts (with limited CISO-documented exceptions), annual review of all privileged account access, implementation of least-privilege principles, and monitoring of privileged account activity. Class A companies must also implement privileged access workstations or equivalent controls. Privileged account management is one of the most scrutinized areas during DFS examinations.

Keep Exploring

Relevant Resources

References

Authoritative Sources