Principal drafter, November 2016
Overall, we support the New York State Department of Financial Services’ (DFS) promotion of establishing, enhancing and maintaining robust cybersecurity risk management practices. We agree with the NYSDFS’ assessment of the criticality of cybersecurity programs. While we support the objectives of the proposed regulation, we have concerns that it may result in unintended consequences and therefore have general and specific comments aimed at providing greater clarity on the DFS’s expected requirements and recommended revisions to better allow impacted organizations to meet the DFS’s expectations, especially as they relate to management or board certification of compliance with the rule. Our comments pertain to the impacts on banking Covered Entities.
Many financial services companies currently comply with federal and state regulatory requirements such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA). Many impacted organizations have already invested in relevant risk management strategies as identified by the Federal Financial Institutions Examination Council (“FFIEC”) IT Examination Handbooks and frameworks established by the National Institute of Standards & Technology (NIST), including the Cybersecurity Framework…