The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they:
- Designate a Chief Information Security Officer (“CISO”)
- Establish a Cybersecurity Program
- Develop a Written Cybersecurity Policy.
As future compliance deadlines approach, we will prepare similar guidance materials. Below, to assist subject businesses to craft their long-term plans, are the future compliance deadlines that the Regulations impose.
|Chief Information Security Officer (CISO)|
|2/15/2018||First Annual Certification by Senior Management or Board of Directors|
|3/1/2018||Penetration Testing and Vulnerability Assessments|
|Training and Monitoring: Cybersecurity awareness training for all personnel|
|Cybersecurity Personnel and Intelligence|
|Training and Monitoring: Policies that monitor authorized users/ detect unauthorized access or use of nonpublic information|
|Encryption of Nonpublic Information|
|Limitations on Data Retention|
|3/1/2019||Third Party Service Provider Security Policy|
NOTE: Certain covered entities are exempt from some of the requirements listed above.