Meeting NYDFS Section 500.7 Access Requirements

The New York Department of Financial Services (NYDFS) is a regulatory body responsible for overseeing financial services and products in New York State. Its jurisdiction falls over financial institutions such as banks, insurance companies, and other financial services firms. 

Compliance with the NYDFS Cyber Security Regulation applies even to businesses operating outside New York. It may extend to any organization that conducts business with entities regulated by the NYDFS. Financial services firms with operations, customers, or third-party relationships in New York also need to be aware of potential compliance requirements. 

Amendment to NYDFS Section 500.7 

Section 500.7 focuses on access privileges and cybersecurity requirements for financial institutions. The most recent amendment in November 2023 introduced stricter controls specifically for “Class A Companies” (companies with over 2000 employees or those generating > $1billion in annual gross revenue over the past 3 years). 

The changes to Section 500.7 can be broken down as: 

1. Principle of least privilege: Enhancing restrictions to ensure that users have only the access needed for their roles.
2. Just-in-Time Access: Requiring that access to privileged accounts be granted only when needed and revoked after use.
3. Privileged Access Management: Mandating annual reviews of privileges, immediate removal of unnecessary privileges, and the implementation of a privileged access management solution. 

Meet NYDFS and CSA CCM requirements with Britive’s Cloud PAM 

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a cybersecurity control framework designed specifically for cloud computing with detailed security controls aligned with industry standards, regulations, and best practices. Designed to assist cloud service providers (CSPs), cloud customers, and auditors with assessing risk, requirements from NYDFS Section 500.7 can also be mapped accordingly. 

Britive’s Cloud PAM platform fulfills the “implementation of a PAM” requirements, while also delivering the capabilities required to effectively execute the principle of least privilege through our patented, dynamic just-in-time (JIT) privileged access management. 

Want to learn more about how Britive can help you meet requirements for NYDFS or other regulatory requirements? Schedule time to chat with a member of the team or get a personalized demo.