NYDFS raised the bar on testing.
A continuous adversary clears it.
The NYDFS cybersecurity rule asks NYDFS-regulated financial institutions for annual penetration testing and regular vulnerability assessments, based on your risk assessment. SpartanX supports that program with a continuous adversary that proves exploitability inside and out. It supports your program and complements your assessor; it does not make you compliant on its own.
Annual penetration testing, and ongoing vulnerability assessment.
Section 500.5 of 23 NYCRR Part 500 requires covered entities to conduct penetration testing of information systems at least annually, from both inside and outside the network perimeter, and to run automated scans and manual reviews for vulnerabilities on a schedule set by risk. The amended rule tightened expectations, with heightened requirements for larger Class A companies, and continuous validation is increasingly the practical standard.
NYDFS-regulated financial institutions.
Part 500 covers entities licensed or regulated by the New York Department of Financial Services, including banks, insurers, and many financial-services firms operating in New York. Your information systems, inside and outside the perimeter, are in scope, which is exactly the ground an adversary works.
Inside and outside the perimeter, on a continuous cadence.
Examination-ready, continuously.
You get inside-and-outside testing that does not wait for the annual window, exploit-validated findings, and a live evidence trail, so a NYDFS examination finds a program that is current, not a report that has aged.
Support your NYDFS testing program with a continuous adversary.
See how SpartanX proves exploitability inside and out and hands you the evidence.