THE NEW YORK STATE DEPARTMENT of FINANCIAL SERVICES (DFS) CYBERSECURITY REGULATION 23 NYCRR 500 SECTION 11
All Covered Entities, which include all licensees regulated by the DFS, must have written policies and procedures designed to ensure the security of Information Systems and Nonpublic Information accessible to or held by Third Party Service Providers (TPSPs).
The policies and procedures must include relevant guidelines for due diligence and/or contractual protections relating to TPSPs.
