Monday, August 28, 2017 marked the first compliance deadline for the New York Department of Financial Services' (NYDFS) cybersecurity regulation 23 NYCRR 500. For those of you in organizations regulated by the DFS, you probably already know 23 NYCRR 500 was first implemented in March last year with the goal of establishing minimum security guidelines to protect financial institutions and their customers from cyber attacks. The requirements span several security areas, but one recurring theme is the need for visibility into risks and ensuring only the right people have access to sensitive data. Read on for an overview of the regulation and how identity and access management can help with several of these compliance requirements. I’m not based in NY – why should I care? At first glance, it may look like you’re off the hook if you’re not part of a banking, insurance, or financial organization regulated by.