The NAIFA-NYS Cybersecurity Compliance Package is a tool to help you comply with the Department of Financial Services' (DFS) new cybersecurity regulation. Compliance with the regulation is risk-based: each covered entity’s requirements for compliance are based upon that entity’s specific risk profile. This compliance package, therefore, is not designed to be one-size-fits-all. Businesses of different types and sizes will arrive at different compliance needs after utilizing the package.
We advise that you use the tools in the compliance package in consultation with your own IT expert to develop both the hardware and software measures you need to implement all of the cyber protections that the DFS regulation requires.
The package was developed in conjunction with the prestigious Center for Internet Security (CIS) and consists of three parts:
- access to an internet portal for the purpose of assisting an agent, through a series of questions, in conducting the cyber risk assessment required by the DFS regulation. The results of the risk assessment may be downloaded for your records.
- a draft model policy, as required by the regulation, for an agent to adapt to his or her business, based upon the results of the risk assessment. (The sections in the model policy directly correspond with the required policy sections in the regulation.)
- an online audio training session, as required by the regulation, that is conducted by a CIS representative for an agent and his or her employees.
NAIFA-NYS staff and CIS personnel will be available to help you use the compliance package.