23 CRR-NY 500.12NY-CRR

OFFICIAL COMPILATION OF CODES, RULES AND REGULATIONS OF THE STATE OF NEW YORK
TITLE 23. FINANCIAL SERVICES
CHAPTER I. REGULATIONS OF THE SUPERINTENDENT OF FINANCIAL SERVICES
PART 500. CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
23 CRR-NY 500.12
23 CRR-NY 500.12
500.12 Multi-factor authentication.
(a) Multi-factor authentication.
Based on its risk assessment, each covered entity shall use effective controls, which may include multi-factor authentication or risk-based authentication, to protect against unauthorized access to nonpublic information or information systems.
(b) Multi-factor authentication shall be utilized for any individual accessing the covered entity’s internal networks from an external network, unless the covered entity’s CISO has approved in writing the use of reasonably equivalent or more secure access controls.
23 CRR-NY 500.12
Current through June 30, 2022
End of Document

IMPORTANT NOTE REGARDING CONTENT CURRENCY: The "Current through" date indicated immediately above is the date of the most recently produced official NYCRR supplement covering this rule section. For later updates to this section, if any, please: consult editions of the NYS Register published after this date; or contact the NYS Department of State Division of Administrative Rules at [email protected]. See Help for additional information on the currency of this unofficial version of NYS Rules.