As we reported here, March 1, 2018 brings a new transition date, with a new set of compliance obligations for Covered Entities subject to the Cybersecurity Regulation of the New York Department of Financial Services. By March 1, Covered Entities will need to have complied with the Risk Assessment requirement. Covered Entities other than those subject to the limited exemptions will also have to satisfy the requirements for (i) the annual report by the CISO to the Board, (ii) penetration testing and vulnerability assessment, (iii) multi-factor authentication, and (iii) cybersecurity awareness training of all personnel.
Be sure to have these covered by March 1 so you’ll be in a position to file your next Annual Compliance Certificate by February 15, 2019.
And don’t forget, after March 1, the next transition date will be September 3, 2018, when most of the remaining requirements are due, as outlined in the article linked above. It’ll be here sooner than you think!