Cybersecurity Regulation 23 NYCRR Part 500 introduces unprecedented levels of cybersecurity requirements for financial institutions in New York State. Dark Reading called it “One of the harshest cybersecurity regulations to hit companies in the US.” The new rules are wide-ranging and include several sections that pertain to application security. Financial institutions will be required to put in place secure development processes, conduct regular penetration testing, have employees undergo cybersecurity awareness training, and more.
Security Compass offers a simple, scalable, and auditable way for affected financial institutions to meet compliance requirements.
SD Elements, the leading Application Security Requirements and Threat Management (ASRTM) platform, helps development teams manage security requirements, build and enforce secure development processes, automate threat modeling, and more, while producing an auditable record of compliance. Our role-based training courses, with options for (ISC)² certification, and instructor-led Security Champions program help teams meet the cybersecurity awareness requirements, and our training modules integrate with SD Elements to give developers just-in-time training during the development process. Our Advisory team, with nearly 15 years in the industry, is experienced in penetration testing and helping organizations meet a variety of complex application security challenges.
Go here to read a full overview of the law’s effects on application security and Security Compass’s unparalleled solutions for meeting compliance.