NYDFS Proposed amendments to its Cybersecurity Regulation, “Part 500.”  According to DFS, the amendments include:

– Creation of three tiers of companies, further tailoring the regulation to a diverse set of businesses with different defensive needs.

– Enhanced governance requirements, thereby increasing accountability for cybersecurity at the Board and C-Suite levels.

– Additional controls to prevent initial unauthorized access to technology systems and to prevent or mitigate the spread of an attack.

– Requiring more regular risk and vulnerability assessments, as well as more robust incident response, business continuity and disaster recovery planning.

– Directing companies to invest in regular training and cybersecurity awareness programs that are relevant to their business model and personnel.

Under the State Administrative Procedure Act, there is a 60-day Comment period.  The proposed amendments can be found here:  https://www.dfs.ny.gov/reports_and_publications/press_releases/pr20221109221