Originally published in 2017, 23 NYCRR 500 was a first-in-the-nation attempt at creating standards for the financial services industry in protecting nonpublic information. These amendments would be the first major changes to the regulation since its adoption. The publishing of the regulation in the State Register begins a 60-day comment period. During this time, the public is encouraged to submit comments.
When the comment period ends, DFS is required by law to review all received comments and either repropose a revised version or adopt the final regulation.
PIA explains the amendments
PIA had the opportunity to review and comment on an earlier version of the amendments. Here is a section-by-section detailed analysis of the proposed amendments.
If you are looking for a quick overview of the amendments, you can find it here.
For more information on multi-factor authentication, check out these articles:
Capacity enhancement guide—implementing strong authentication.