ITNYC.com — IT Tech Support
Free Compliance ConsultationContact Us
NYDFS 23 NYCRR Part 500 (incl. Nov 2023 amendments)

NYDFS Part 500, GLBA & SEC Cybersecurity Self-Assessment

Score your firm against 23 NYCRR Part 500, NY SHIELD Act, GLBA Safeguards, SEC and FINRA cyber rules.

Score your firm against NY-specific cyber regulations and federal requirements for financial advisors and broker-dealers.

No registration required to take the assessment. Save, email, or download a PDF report by registering.

Executive assessment covers

7 sections · 36 questions · ~10–15 min

NYDFS Part 500 — Program & Governance

§500.2–500.4: program, policy, CISO.

4 questions

NYDFS Part 500 — Technical Controls

§500.5–500.15: testing, audit, access, MFA, encryption.

7 questions

NYDFS Part 500 — People & Third Parties

§500.10–500.14: personnel, training, third-party risk.

4 questions

NYDFS Part 500 — Incident Response & Notification

§500.16–500.17: IR plan, 72-hour notice, ransom payments.

5 questions

NY SHIELD Act

Reasonable safeguards for NY residents' private information.

4 questions

SEC / FINRA Cyber

Reg S-P, Reg S-ID, FINRA supervisory controls, SEC cyber disclosure.

6 questions

GLBA Safeguards Rule

Information security program covering customer information.

6 questions

Regulations referenced

NYDFS 23 NYCRR Part 500 (incl. Nov 2023 amendments)NY SHIELD ActSEC Reg S-P / S-IDFINRA Rule 3110GLBA Safeguards Rule