

Stronghold Cyber Security is a veteran-owned cyber security company located near historic Gettysburg, Pennsylvania that provides cutting-edge security services to businesses throughout the country. Service offerings include regulatory compliance, penetration testing, advanced cyber risk management, along with customized cyber security programs.

Get In Touch

Phone: 1-800-378-1187
Phone: 717-549-4009
Address: Gettysburg, PA


Does your financial institution fall under the NYDFS cybersecurity regulation 23 NYCRR 500? If so, we can help by getting you 23 NYCRR 500 compliant and KEEPING it that way!

NYDFS Cybersecurity Regulation: What Is It?

The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the NY Department of Financial Services (NYDFS) that took effect on March 1, 2017, and requires financial institutions to enact a complete cyber security program.

23 NYCRR 500 Regulation: Who does it apply to?

Any entity that is supervised by the Department of Financial Services, including:

    • Banks
    • Credit Unions
    • Insurance Companies
    • Investment Companies
    • Mortgage Lenders
    • Financial Service Centers
    • Service Providers
    • Private Bankers
    • Brokers / Dealers

23 NYCRR 500 Regulation: Who is exempt?

There are limited exemptions to the NYDFS Cybersecurity Regulation on covered entities.  This does not mean that an entity is completely exempt from the 23 NYCRR 500 regulation, just that certain sections may not apply.  These exemptions are:

  • fewer than 10 employees, including any independent contractors, of the Covered Entity or its Affiliates located in New York or responsible for business of the Covered Entity, or
  • less than $5,000,000 in gross annual revenue in each of the last three fiscal years from New York business operations of the Covered Entity and its Affiliates, or
  • less than $10,000,000 in year-end total assets

23 NYCRR 500 Compliance: How To Get There

  • Maintain a complete cyber security program which includes policies and procedures on how to detect, respond to, and recover from a cyber security event, as well as how to fulfill applicable regulatory reporting obligations
  • Appoint a Chief Information Security Officer (CISO)
  • Maintain a written cyber security policy
  • Perform periodic penetration testing and vulnerability assessments
  • Perform periodic risk assessments of information systems

This list may appear to be quite daunting.  However, Stronghold Cyber Security can assist with EVERY aspect of the NYDFS Cybersecurity Regulation, including the ongoing requirements of periodic assessments and penetration testing.  We not only GET your financial institution 23 NYCRR 500 compliant, we can KEEP it there!

Want to know more about how we can help you with NYDFS cybersecurity compliance?  Get a FREE consultation to see how your business needs to comply with NYDFS (23 NYCRR 500).  Call 1-800-378-1187, email or fill out the form at the right to get started.


What are you waiting for? Give us a call to see how Stronghold Cyber Security can assist your company with NYDFS Cybersecurity Regulation compliance! 1-800-378-1187