hermes-brain/projects/passepartout/strategy/compliance/ny-dfs-500.org
Hermes 0a8e77e949 Reorganize brain: projects/ top level, rename filenames, update homepage
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
2026-05-24 18:54:14 +00:00


NY DFS 500 (New York Cybersecurity Regulation)

NY DFS 500 (23 NYCRR 500)

New York State Department of Financial Services cybersecurity regulation for financial services. The most aggressive US state-level financial cybersecurity rule. Requires: risk assessment, penetration testing, multi-factor authentication, incident response plan, annual certification of compliance by the board.

Who must comply: Any entity regulated by NY DFS — banks, insurers, mortgage brokers, virtual currency companies operating in New York. ~3,000 institutions.

Penalties: $200K-$1M per violation; business license revocation possible.

Why it matters: The annual board certification requirement creates demand for verifiable evidence of control effectiveness — exactly what the gate stack produces. First-mover advantage is significant (few vendors target NY DFS 500 specifically) and the regulation is a template that other states are adopting.

Part of the compliance framework index.