23 CRR-NY 500.14NY-CRR
23 CRR-NY 500.14
23 CRR-NY 500.14
500.14 Training and monitoring.
As part of its cybersecurity program, each covered entity shall:
(a) implement risk-based policies, procedures and controls designed to monitor the activity of authorized users and detect unauthorized access or use of, or tampering with, nonpublic information by such authorized users; and
(b) provide regular cybersecurity awareness training for all personnel that is updated to reflect risks identified by the covered entity in its risk assessment.
23 CRR-NY 500.14
Current through June 30, 2021
End of Document |