On February 16, 2017, the New York Department of Financial Services (NYDFS) published a final ruleimposing new cybersecurity requirements on covered financial institutions. The Rule takes effect on March 1, 2017; however, covered institutions will have 180 days to come into compliance with most requirements, with longer transition periods of 1-2 years for certain obligations. The Rule requires covered entities to certify annually that they are in compliance with its requirements, with the first certification due on February 15, 2018. NYDFS revised its prior drafts of the Rule based on two rounds of public comment.