Draft Amendments to Cybersecurity Amendments Announced; Big I NY to Submit Comments
What Happened:On July 29th, the NYSDFS released a pre-proposed draft of forthcoming amendments to 23 NYCRR 500, New York's sweeping cyber regulation. The DFS proposes a wide range of changes to the regulation, including but not limited to:Require covered entities to strictly limit the number of “privileged accounts", aka those able to perform security-relevant functionsMore specific requirements for entity risk assessments, required annually and when there is a material change to risk, as opposed to “periodically."Possibly requiring employees of covered entities to develop their own third-party service provider policies. We have requested clarification on this as it would have troubling implications for individual agents.Expand the…