How to Meet NYDFS Mandates with Identity & Access Management

Introduction

Given the advent of new and evolving compliance regulations, including recent landmark mandates from the New York Department of Financial Services (NYDFS), impacted technology professionals need to ensure that their organizations employ modern solutions that augment the capabilities of traditional Identity and Access Management (IAM).

This white paper is designed for Information Technology (IT) and Information Security (IS) professionals and technology-focused executives, and reviews the NYDFS IAM-related mandates and their impact on the organizations that are subject to them (“Covered Entities”), as well as specific solutions from Okta, including Adaptive MFA and Lifecycle Management, that can help Covered Entities ensure compliance with the new NYDFS mandates. Please note that this white paper, while discussing legal topics and analyzing certain regulations, does not constitute legal advice. If you or your organization needs legal advice regarding the topics covered here, please contact an attorney.

All content included by Okta in this white paper is provided for informational purposes only.

On March 1, 2017, the NYDFS Cybersecurity Requirements went into effect as defined under 23 NYCRR Part 500. The new rule applies to nearly 1,900 banking and other financial institutions, whose collective assets total more than $2.9 trillion, and all insurance companies that do business in New York state, which includes nearly 1,700 insurance companies whose collective assets exceed $4.2 trillion. The new mandates affect licensed lenders, state-chartered banks, trust companies, service contract providers, private bankers, mortgage companies, insurance firms doing business in New York, non-U.S. banks licensed to operate in New York, and many other organizations. NYDFS mandates cast a wide net—far beyond just fi