New York’s new guidance on third-party service provider cyber risk

Image of a laptop computer screen. — *Photo: Lisa Maree Williams/Getty Images*

October 24, 20255 min read

The guidance does not impose new requirements; it helps NYDFS-regulated institutions meet existing obligations in light of evolving vendor-related cybersecurity risks.

The New York Department of Financial Services has issued new guidance on cybersecurity risks connected to third-party service providers.

Acting Superintendent Kaitlin Asrow announced it, highlighting the risks related to entities becoming increasingly reliant on third-party service providers (TPSPs).

She said the guidance builds on NYDFS’s ongoing efforts to protect

23 NYCRR 500, Cybersecurity, Industry, NYDFS, Third-party risk management, Third-party vendors, US Content

Subscribe to continue reading

Subscribe for free to read a limited selection of articles like this one, or get a premium plan for unlimited access to all of them and more.

Subscribe Sign in

What you get with a premium plan:

Ad-free experience across all content
Daily regulatory insight and practical guidance
Unlimited access to all articles
Exclusive interviews, event coverage, and in-depth analysis
Every podcast and video featuring trusted industry experts
Full set of Rules Navigator tools

Latest News

Former pharma CEO agrees $30k settlement with SEC over fraud allegations

DOJ fraud division launches west coast healthcare fraud ‘strike force’

DOJ and CFTC bring first parallel insider trading cases, signaling new enforcement era

Latest News

Former pharma CEO agrees $30k settlement with SEC over fraud allegations

FDA issues ‘largest-ever’ testing results for US infant formula

DOJ program invites data-mining whistleblowers

Latest News

Strategic privacy KPIs: Aligning metrics with program goals

"The most effective programs are built on principles that translate across borders," says Ericka Watson

UK government concerned about AI-driven cyber threats in wake of Mythos arrival

Latest News

A comprehensive guide to the FCA’s new non-financial misconduct rules

Podcast: Samantha Gloede, Global Head of Risk Services, KPMG

SIFMA Compliance and Legal Conference – a candid appraisal

Latest News

DOJ fraud division launches west coast healthcare fraud ‘strike force’

FDA issues ‘largest-ever’ testing results for US infant formula

DOJ and CFTC bring first parallel insider trading cases, signaling new enforcement era

New York’s new guidance on third-party service provider cyber risk

Subscribe to continue reading

What you get with a premium plan: