The FISMA Focus IPD

New York Gov. Andrew Cuomo announced in September a first-in-the-nation regulation designed to protect the state from the growing threat of cyberattacks. The proposed rule targets the state’s financial services institutions, requiring banks and insurance companies to establish a cybersecurity program and designate a chief information security officer.

***

The regulation, which was subject to a public comment period that ended last month and is expected to go into effect next month, lays out a clear framework for how financial companies are to identify, protect, detect, respond and recover from a cyberattack. It sets standards that have to be reviewed regularly and requires that third-party service providers’ cybersecurity programs are evaluated. In a statement, Cuomo said the regulation will help guarantee that the “financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyberattacks to the fullest extent possible.”