NYDFS Cybersecurity Compliance Assessment and Consulting

According to the NYDFS’s latest amendments to the Cybersecurity Regulation, a BFSI company must undergo general risk assessment at least once a year, penetration testing at least once a year, and vulnerability assessment — at least twice a year. While AWS offers some baseline measures for meeting NYDFS guidelines, it is each organization’s responsibility to configure and operate its cloud environment in full compliance with NYDFS. ScienceSoft determines what NYDFS requirements are relevant to your particular case and runs a comprehensive assessment covering technical, administrative, and physical security controls to examine NYDFS compliance on both AWS’s and your organization’s side.

Depending on your needs, our assessment can cover:

• AWS infrastructure review, including computing resources, networking, data storage and management, security mechanisms, and AWS-hosted apps.
• Penetration testing, vulnerability assessment, automated and manual code review.
• Assessment of administrative safeguards, including internal policies regulating IT asset management, customer data access and governance, security risk management and incident response, data backup and disaster recovery procedures.
• Assessment of technical safeguards, including identity and access controls, audit logging, data encryption, and data integrity controls in the cloud.
• Assessment of physical safeguards, including the isolation of dedicated AWS cloud instances and access to physical devices and workstations connected to the cloud.
• Examination of BFSI employees’ knowledge of NYDFS compliance and cyber hygiene.

After the audit, we deliver a comprehensive report covering the revealed NYDFS compliance gaps and a detailed remediation plan. You get a clear checklist of corrective actions required to achieve your organization’s full compliance with the NYDFS Cybersecurity Regulation and pragmatic advice on implementing the necessary steps quickly and cost-effectively. If you need practical help with implementing the improvements, ScienceSoft’s AWS-certified engineers, NYDFS consultants, and cybersecurity specialists are ready to reconfigure your cloud environment, refine the security program, redesign the data governance framework, and establish additional cybersecurity mechanisms in accordance with the NYDFS requirements.