
Are you compliant with the latest NYS cybersecurity regulation, 23 NYCRR Part 500, released by the Department of Financial Services?
Compliance Services
Contact us today to ask for a free consultation.

FAQs
If your organization is supervised by the Department of Financial Services, you are more than likely required to comply.
Covered entities, defined as DFS-regulated individuals and entities required to comply with the regulation, include partnerships, corporations, branches, agencies, and associations operating under a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law. Visit the exemption flowchart on the NYS DFS page to learn more.
The regulation defines three classes of businesses that are required to comply: small businesses, Class A businesses, and other covered entities. Each of these categories has different requirements, which are outlined in the resources below.
The New York State Department of Financial Services (NYS DFS) imposes a range of penalties for non-compliance. Fines can run up to $1,000 per violation according to the NYS Financial Services Law Section 408.
All covered entities are required to submit an annual certification.
Only if a cybersecurity incident was revealed to impact them (e.g., reporting extortion payments, customer data breaches, etc.). The SHIELD Act, regarding NY’s notification law for cybersecurity breaches, requires that companies notify their customers who have been impacted by a cybersecurity event. Visit the NYS Cybersecurity Resource Center for more information.
NY is starting to implement stricter regulations regarding MFA. Starting Nov. 1, 2025, covered entities must use MFA for any authorized user to access the organization’s information systems. Visit the NYS Cybersecurity Resource Center for more information.
Contact Our Team of Compliance Experts Today
Our team will enable you to comply with each section of the 23 NYCRR Part 500 regulation and, more importantly, reduce your risk posture while supporting secure and reliable operations.
Email Cyber@quanterion.com to schedule a free consultation to identify your unique needs and how our compliance experts may assist. You can also call (315) 801-7777 or (877) 808-0097 (Toll Free).