N.Y. Comp. Codes R. & Regs. tit. 23, § 500.10 – Cybersecurity personnel and intelligence. | Midpage
§ 500.10
N.Y. Comp. Codes R. & Regs. tit. 23, § 500.10
Cybersecurity personnel and intelligence.
Financial Services
(a) In addition to the requirements set forth in section 500.4(a) of this Part, each covered entity shall:
(1) utilize qualified cybersecurity personnel of the covered entity, an affiliate or a third-party service provider sufficient to manage the covered entity’s cybersecurity risks and to perform or oversee the performance of the core cybersecurity functions specified in section 500.2(b)(1)-(6) of this Part;
(2) provide cybersecurity personnel with cybersecurity updates and training sufficient to address relevant cybersecurity risks; and
(3) verify that key cybersecurity personnel take steps to maintain current knowledge of changing cybersecurity threats and countermeasures.
(b) A covered entity may choose to utilize an affiliate or qualified third-party service provider to assist in complying with the requirements set forth in this Part, subject to the requirements set forth in sections 500.4 and 500.11 of this Part.