Close Menu
Global News HQ
    What's Hot

    eBay Smells Opportunity in EU’s Digital Product Passport Mandate

    June 29, 2025

    SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions

    June 29, 2025

    This Under-the-radar Bermuda Resort Has 4 Pools and a Private Beach on the Island’s South Shore

    June 29, 2025
    Recent Posts
    • eBay Smells Opportunity in EU’s Digital Product Passport Mandate
    • SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions
    • This Under-the-radar Bermuda Resort Has 4 Pools and a Private Beach on the Island’s South Shore
    • How to Submit to Better Homes & Garden’s 2026 Food Awards
    • Exploring the No Tipping Trend: What It Means for Diners and Workers
    Facebook X (Twitter) Instagram YouTube TikTok
    Trending
    • eBay Smells Opportunity in EU’s Digital Product Passport Mandate
    • SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions
    • This Under-the-radar Bermuda Resort Has 4 Pools and a Private Beach on the Island’s South Shore
    • How to Submit to Better Homes & Garden’s 2026 Food Awards
    • Exploring the No Tipping Trend: What It Means for Diners and Workers
    • Can China’s MiniMax-M1 AI Topple US Rivals? We Put It to the Test – Decrypt
    • The Future of Social Security Just Went From Bad to Worse. Here’s What Seniors Can Expect Next. | The Motley Fool
    • Unsuspecting Elderly Widow Loses $281K in a Romance Scam: The Dark Side of Crypto
    Global News HQ
    • Technology & Gadgets
    • Travel & Tourism (Luxury)
    • Health & Wellness (Specialized)
    • Home Improvement & Remodeling
    • Luxury Goods & Services
    • Home
    • Finance & Investment
    • Insurance
    • Legal
    • Real Estate
    • More
      • Cryptocurrency & Blockchain
      • E-commerce & Retail
      • Business & Entrepreneurship
      • Automotive (Car Deals & Maintenance)
    Global News HQ
    Home - Legal - NYDFS Annual Compliance Submissions Due April 15, 2025 and New Compliance Requirements Effective on May 1, 2025
    Legal

    NYDFS Annual Compliance Submissions Due April 15, 2025 and New Compliance Requirements Effective on May 1, 2025

    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    NYDFS Annual Compliance Submissions Due April 15, 2025 and New Compliance Requirements Effective on May 1, 2025
    Share
    Facebook Twitter LinkedIn Pinterest Email


    As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). As of November 1, 2024, Class A Companies and Covered Entities were required to comply with numerous Part 500 compliance obligations outlined here. 

    April 15, 2025 Compliance Certification Deadline

    Covered Entities have been required to submit annual compliance with Part 500 since the regulation”s adoption; however, since 2024, Covered Entities now have the option to submit either a Certification of Material Compliance (certifying they materially complied with the regulation requirements that applied to them in the prior year) or an Acknowledgement of Noncompliance (identifying all sections of the regulation with which they have not complied and providing a remediation timeline).

    The deadline for Covered Entities to submit annual compliance notifications for the 2024 calendar year is April 15, 2025. Submissions can be submitted through the NYDFS Portal. Covered Entities that qualify for full exemptions from Part 500 do not have to submit annual compliance notifications. For more information on the April 15 compliance deadline, guidance on which form to file, and step-by-step instructions, see NYDFS’s Submit a Compliance Filing section in the Cybersecurity Resource Center or contact your Katten attorney.

    May 1, 2025 Compliance Obligations

    On May 1, 2025, Covered Entities are required to meet additional requirements under Part 500, including:

    1. Access Privileges and Management
    • Implement enhanced requirements regarding limiting user access privileges, including privileged account access.
    • Review access privileges and remove or disable accounts and access that are no longer necessary.
    • Disable or securely configure all protocols that permit remote control of devices.
    • Promptly terminate access following personnel departures.
    • Implement a reasonable written password policy to the extent passwords are used. 

    Covered Entities and Class A Companies must also address the below items:

    1. Vulnerability Management: conduct automated scans of information systems, and a manual review of systems not covered by such scans” to discover, analyze, and report vulnerabilities at a frequency determined by their risk assessment and promptly after any material system changes.
    2. Mailicious Code: Implement controls to protect against malicious code.

    Class A Companies must further update their information security programs to include:

    1. Monitoring and Training: Implement (1) endpoint detection and response solution to monitor anomalous activity and (2) centralized logging and security event alert solution. CISOs can approve reasonably equivalent or more secure compensating controls, but approval must be in writing.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleKeep Your Garden Seeds Fresh from Year to Year with These 5 Storage Tips
    Next Article Why Be A Lawyer When Being A Movie Star Is On The Table? – Above the Law

    Related Posts

    SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions

    June 29, 2025

    Lawyer Calls Judge ‘Honey’ in Viral Moment | Law.com

    June 28, 2025

    Microsoft Sued in Manhattan Federal Court for Allegedly Using Pirated Material to Train AI Models | Law.com

    June 28, 2025

    Trump Thinks Reporting The Truth Is A Punishable Offense – See Also – Above the Law

    June 28, 2025
    Leave A Reply Cancel Reply

    ads
    Don't Miss
    E-commerce & Retail
    3 Mins Read

    eBay Smells Opportunity in EU’s Digital Product Passport Mandate

    Over the next few years, products sold in EU countries will be required to have…

    SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions

    June 29, 2025

    This Under-the-radar Bermuda Resort Has 4 Pools and a Private Beach on the Island’s South Shore

    June 29, 2025

    How to Submit to Better Homes & Garden’s 2026 Food Awards

    June 29, 2025
    Top
    E-commerce & Retail
    3 Mins Read

    eBay Smells Opportunity in EU’s Digital Product Passport Mandate

    Over the next few years, products sold in EU countries will be required to have…

    SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions

    June 29, 2025

    This Under-the-radar Bermuda Resort Has 4 Pools and a Private Beach on the Island’s South Shore

    June 29, 2025
    Our Picks
    E-commerce & Retail
    3 Mins Read

    eBay Smells Opportunity in EU’s Digital Product Passport Mandate

    Over the next few years, products sold in EU countries will be required to have…

    Legal
    6 Mins Read

    SCOTUS’s CASA Decision Ends Nationwide Injunctions, Creating Uncertainty Around Enforcement of Executive and Agency Actions

    Takeaways The SCOTUS opinion ends district courts’ ability to issue nationwide injunctions. The Court did…

    Pages
    • About Us
    • Contact Us
    • Disclaimer
    • Homepage
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube TikTok
    • Home
    © 2025 Global News HQ .

    Type above and press Enter to search. Press Esc to cancel.

    Go to mobile version