3 NYCRR Part 500 - New York Cybersecurity is a set of regulations from the New York Department of Financial Services (NYDFS). This regulation requires regulated financial services institutions, including agencies and branches of non-US banks licensed in the state of New York, to assess their cybersecurity risk profile. The requirement includes conducting regular security risk assessments, auditing asset use, creating the necessary infrastructure to mount a defense against cybersecurity attacks, and creating policies and procedures related to cybersecurity. They also require these institutions to have an incident response plan in case of an attack or security breach.
These regulations went into effect on February 16, 2017.