Entitle aligns with NYCRR 500 requirements, aiding financial companies with privilege management, third-party access limits, and incident response.
Recent attempts to exploit vulnerabilities for accessing sensitive electronic data highlight the potential financial losses for DFS-regulated entities and NY consumers. As a result, the NY Department of Financial Services emphasizes the need for regulatory standards that balance risk, technology, and protection. This regulation mandates personalized risk assessments, robust cybersecurity programs overseen by senior management, and annual compliance certifications, all aimed at safeguarding customer information and institutional integrity.
Section 500.7: "Each Covered Entity shall limit user access privileges to information systems that provide access to Nonpublic Information..."
Solution - multi-cloud just-in-time access
Automating the process of requesting, granting and revoking access makes it possible to provide and audit temporary, granular privileges.
Section 500.7: "...and shall periodically review such access privileges."
Solution - automated access reviews
Generate audit-ready reports by automatically collecting evidence and easily delegating reviews to relevant managers.
Section 500.11(b1): "The Third Party Service Provider’s policies and procedures for access controls....to limit access to relevant Information Systems and Nonpublic Information."
Solution - temporary 3rd-party access
Enforce access duration guardrails to ensure permissions are revoked when the job is done.
Section 500.16: "Incident response plan shall address....the internal processes.... definition of clear roles, responsibilities.... external and internal communications and information sharing."
Solution - self-service privilege escalation for on-call teams
During incidents, on-call engineers and/or incident response teams can escalate their privileges to investigate and respond.
Section 500.14: "Implement risk-based policies, procedures and controls designed to monitor the activity of Authorized Users and detect unauthorized access or use of, or tampering with, Nonpublic Information by such Authorized Users"
Solution - respond to unusual permissions
Feed your SIEM with audit logs through Entitle's API-first platform to identify anomalous permissions. Your admins can easily flag, revoke, or keep permissions.