23 NYCRR 500 Cybersecurity Playbook

The New York State Department of Financial Services (DFS) implemented Cybersecurity Regulation 23 NYCRR Part 500 in response to “the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations, and independent criminal actors.” Key dates start on September 1, 2017 and run through March 1, 2019.


Free Download




Compliance As a Foundation For a Culture of Security

Compliance should do so much more than just check a box. This playbook will be most helpful for companies who do business in the State of New York and for any companies who want to leverage compliance efforts to build a foundation of security. The outlined approach can be used for complying with other state regulation requirements, not just New York.

This Playbook includes:

  • Full breakdown of the 23 NYCRR 500 regulation
  • NIST Cybersecurity Framework approach
  • Four 6-month sprint cycles
  • Impact Makers’ expert notes and suggestions along the way
  • In-depth FAQ section


We’ll answer your compliance questions:

Cathie Brown
VP of Governance, Risk, and Compliance

Stam Xylas
Lead Consultant

Learn more about our cybersecurity consulting.

Adam Foldenauer
Financial Services Vertical Lead