0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
28 lines
1.2 KiB
Org Mode
28 lines
1.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: 581666ba-f72c-406b-8556-93876d2b30bf
|
|
:ID: auto-ny-dfs-500
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: NY DFS 500 (New York Cybersecurity Regulation)
|
|
#+filetags: :passepartout:compliance:framework:ny:
|
|
|
|
|
|
** NY DFS 500 (23 NYCRR 500)
|
|
|
|
New York State Department of Financial Services cybersecurity regulation for
|
|
financial services. The most aggressive US state-level financial cybersecurity
|
|
rule. Requires: risk assessment, penetration testing, multi-factor authentication,
|
|
incident response plan, annual certification of compliance by the board.
|
|
|
|
Who must comply: Any entity regulated by NY DFS — banks, insurers, mortgage
|
|
brokers, virtual currency companies operating in New York. ~3,000 institutions.
|
|
|
|
Penalties: $200K-$1M per violation; business license revocation possible.
|
|
|
|
Why it matters: The annual board certification requirement creates demand for
|
|
verifiable evidence of control effectiveness — exactly what the gate stack
|
|
produces. First-mover advantage is significant (few vendors target NY DFS 500
|
|
specifically) and the regulation is a template that other states are adopting.
|
|
|
|
Part of the [[id:e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c][compliance framework index]].
|