An increasing number of clients are asking for guidance on how to comply with the updated New York Department of Financial Services (NYDFS) standards, which are being rolled out in several phases through 2024 and 2025. Due to the widespread impact of these new regulations on businesses operating in New York State, Zilla is dedicated to helping customers understand and implement the NYDFS compliance requirements, which include modifications to how organizations manage and report on user access, least privilege access, and MFA (multi-factor authentication).
Let’s explore the fundamentals of NYDFS, its upcoming changes, and how customers can use Zilla to achieve and track NYDFS compliance more easily.
What is NYDFS?
The New York Department of Financial Services (NYDFS) is a regulatory leader in the financial industry, often at the forefront of cybersecurity best practices. Recently, the NYDFS introduced new amendments to its Cybersecurity Regulation (23 NYCRR 500) to address increasing cyber threat activity. These amendments will require additional effort from select organizations.
Who Needs to Comply with NYDFS?
The NYDFS regulations apply to a wide range of financial services institutions, including:
- Banks, mortgage companies, insurance companies, and other financial institutions operating in New York.
- Any organization licensed by the NYDFS (Department of Financial Services).
What’s Changing in NYDFS Compliance?
In addition to the ongoing and enhanced requirements around security policies, practices, and training, organizations must now:
- Conduct user access reviews at least annually and terminate unnecessary access (this phase must be implemented by May 1, 2025).
- Implement multi-factor authentication (MFA) for remote access to information systems, remote access to third-party applications containing NPI (personally identifiable financial information), and access to privileged systems (this phase must be implemented by November 1, 2024).
How Zilla Helps Customers Achieve Compliance with the Updated NYDFS Requirements
Zilla’s automated identity governance platform makes it easy to achieve compliance and produce detailed audit reports that satisfy NYDFS requirements. Unlike legacy identity governance solutions, Zilla’s approach is easy to use and deploy across organizations of all sizes. Additionally, Zilla users can reduce audit prep time by up to 80% with automated reporting. Zilla integrates with all your applications, giving our customers a comprehensive, single source of truth for every user (human and machine) across the enterprise.
Conduct User Access Reviews for NYDFS Compliance with Zilla
- Customize and create user access reviews across your organization’s systems and applications in the cloud and on-premises.
- Generate an auditable record of how and when revocations were completed.
Implement and Validate Required Authentication and Access Policies for NYDFS Compliance
- Use Zilla to detect and respond to access misconfigurations, including alerts where MFA is missing or incorrectly configured.
- Implement policies to automate least privilege access and respond to misconfigured access with alerts and remediation.
As the timeline for enhanced NYDFS compliance approaches, Zilla can help customers navigate these new requirements with ease. We’ll walk you through every step of the process.
Book a demo today to ensure your organization is prepared for NYDFS standards.