What's 23 NYCRR 500?

Virtual Auditor can help Covered Entities that are subject to New York's Cybersecurity Regulation (23 NYCRR Part 500) build, maintain, monitor, and improve a cyber security program that will meet and exceed Part 500.

VA is Your Pathway to Compliance

Here are some key dates to keep in mind as you plan and build your program. Contact Virtual Auditor today to see how we can help, completely, quickly, and affordably!

  • March 1, 2017 - 23 NYCRR Part 500 became effective.
  • August 28, 2017 - 180 day transitional period ended. Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.
  • February 15, 2018 - Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date. VA can help!
  • March 1, 2018 - One year transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.
  • September 3, 2018 - Eighteen month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.
  • March 1, 2019 - Two year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.
  • Get VA’s help with Part 500 now!
  • Learn more about the regulation here (PDF).
23 NYCRR 500

Don't be Incompliant!

Learn how VA's continuous monitoring let's Executives know the state of information security constantly, in an understandable format.

learn more

GET SOCIAL