Guide to NYDFS Compliance: How Zilla Can Help

Jul 18, 2024

An increasing number of clients are asking for guidance on how to comply with the updated New York Department of Financial Services (NYDFS) standards, which are being rolled out in several requirement phases through 2024 and 2025. Due to the widespread impact of these new regulations on businesses operating in New York State, Zilla is dedicated to helping customers understand and implement the NYDFS compliance requirements, which include modifications to how organizations manage and report on user access, least privilege access, and MFA (multi-factor authentication).

Let’s explore the fundamentals of NYDFS, its upcoming changes, and how customers can use Zilla to achieve and track NYDFS compliance more easily.

What is NYDFS?

The New York Department of Financial Services (NYDFS) is a regulatory leader in the financial industry, often at the forefront of cybersecurity best practices. Recently, the NYDFS introduced new amendments to its Cybersecurity Regulation (23 NYCRR 500) to address increasing cyber threat activity. These amendments will require additional effort from select organizations.

Who Needs to Comply with NYDFS?

The NYDFS regulations apply to a wide range of financial services institutions, including:

  • Banks, mortgage companies, insurance companies, and other financial institutions operating in New York.
  • Any organization licensed by the NYDFS (Department of Financial Services).

What’s Changing in NYDFS Compliance?

In addition to the ongoing and enhanced requirements around security policies, practices, and training, organizations must now:

  • Conduct user access reviews at least annually and terminate unnecessary access (this phase must be implemented by May 1, 2025).
  • Implement multi-factor authentication (MFA) for remote access to information systems, remote access to third-party applications containing NPI (personally identifiable financial information), and access to privileged systems (this phase must be implemented by November 1, 2024).

How Zilla Helps Customers Achieve Compliance with the Updated NYDFS Requirements

Zilla’s automated identity governance platform makes it easy to achieve compliance and produce detailed audit reports that satisfy NYDFS requirements. Unlike legacy identity governance solutions, Zilla’s approach is easy to use and deploy across organizations of all sizes. Additionally, Zilla users can reduce audit prep time by up to 80% with automated reporting. Zilla integrates with all of your applications, giving you a comprehensive, single source of truth for every user (human and machine) across the enterprise.

Conduct User Access Reviews for NYDFS Compliance with Zilla

  • Customize and create user access reviews across your organization’s systems and applications in the cloud and on-premises.
  • Generate an auditable record of how and when revocations were completed.

Implement and Validate Required Authentication and Access Policies for NYDFS Compliance

  • Use Zilla to detect and respond to access misconfigurations, including alerts where MFA is missing or incorrectly configured.
  • Implement policies to automate least privilege access and respond to misconfigured access with alerts and remediation.

As the timeline for enhanced NYDFS compliance approaches, Zilla can help customers navigate these new requirements with ease. We’ll walk you through every step of the process.

Book a demo today to ensure your organization is prepared for NYDFS standards.

Author

Deepak Taneja

Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.
