Altius Satisfies NYCRR 500 Requirements

New York State cyber security regulation 23 NYCRR 500 includes 14 requirements for firms to achieve certification. Our cyber security solution, AltiusCS, automates the design, implementation, and ongoing execution of cyber security programs, satisfying the NYCRR 500 requirements and simplifying the process for firms to obtain their compliance certificate. Contact an Altius Representative to Learn More.

Affiliate’s Program (500.02):

The proposed regulation allows an entity to adopt a cybersecurity program maintained by an affiliate (assuming it qualifies). This spares each entity in a family of entities from developing and maintaining a separate cybersecurity policy and allows for an overall group policy.

AltiusCS supports affiliate reporting and oversight by enabling firms to create a single control-based cyber security program that can be administered and tracked across all of their affiliates.

Cybersecurity Policy (500.03):

An entity’s cybersecurity policy, which under the revised proposal will be based on the entity’s Risk Assessment, need only address the areas applicable to the entity’s operations. Asset inventory and device management were added to the now fourteen items to be addressed in the cybersecurity policy (to the extent applicable).

AltiusCS simplifies the process of creating responsive, enterprise-level cyber security and incident response strategies. Our automated solution then turns those strategies into cyber security programs (action plans) leveraging a composite of governance, process, organizational, and technical controls to deliver the results your business requires.

CISO (500.04):

The proposed regulation also allows an entity to designate an affiliate’s CISO, use a third party provider to fulfill the role, or designate an employee as its CISO. The CISO need only report annually (as opposed to bi-annually) on the entity’s cybersecurity program to the entity’s board of directors.

Altius Advisors provides a Virtual CISO program that will develop, implement, and maintain a robust enterprise cyber security program for firms without a CISO.

Outsourcing (500.10):

Cyber security personnel no longer have to be employed by the entity, but can be employees of an affiliate or a third party service provider. The training that must be provided to cybersecurity personnel need only be sufficient to address relevant cybersecurity risks to the entity.  

AltiusCS automates many of the tasks related to designing, implementing, and managing an enterprise cyber security program, reducing a firm's need to provide dedicated cyber security resources. Altius Advisors is staffed by a team of cyber security experts who can fill in the remaining gaps. The result is a complete "Virtual CISO" solution enabling firms to deploy robust, effective cyber security programs with minimal resources.