Limited Exempt
100% Compliance Guaranteed!
Limited Exempt companies need to comply with
9 out of 16 sections of the NYS DFS Cybersecurity regulation.
| The 9 Required Sections |
|---|
| 500.02 Cybersecurity Program |
| 500.03 Cybersecurity Policies |
| 500.07 Access Privileges and Management |
| 500.09 Risk Assessment |
| 500.11 Third Party Service Provider Security Policy |
| 500.12 Multi-Factor Authentication |
| 500.13 Asset Management incl. Data Segmentation, Retention & Destruction Requirements |
| 500.14 Monitoring and Training |
| 500.17 Notices to Superintendent |
Companies that enjoy a limited exemption to DFS Part 500
| Most Popular | |||
|---|---|---|---|
| Absolute Security 360 DFS Compliance Solution | Core Compliance | Done-For-You Compliance |
Done-For-You Compliance Complete |
| Full Access to AS360 Cybersecurity Compliance Portal | |||
| Complete Set of DFS Required Cyber and Business Policy Templates | |||
| Employee Cybersecurity Awareness Training | |||
| Weekly Cybersecurity Training Refreshers | |||
| Social Engineering Training (Simulated Phishing) | |||
| Anti-Virus/Anti-Malware Endpoint Security Suite | |||
| Anti-Ransomware Protection w/ Cyber Event Forensics | |||
| Web Filter Security Suite | |||
| Security Agent for Operating System and Third Party Patching | |||
Email & File Encryption |
|||
| Multi-Factor Authentication | |||
| Password Manager | |||
| MS 365 or Google Business Workspace backup | |||
| Quarterly Vulnerability Scans | |||
| Managed Firewall | |||
| Monthly UTM Security Subscription for the Firewall | |||
| Advanced Cybersecurity Event (ACE) Appliance for Network Detection, Alerting & Response | |||
| Single Pane of Glass SIEM to Monitor, Manage & View Cyber Events for DFS Reporting | |||
| DFS Required 5-Year Retention of all material security events and reporting | |||
| Quarterly Reminders of Data Retention & Destruction Requirements | |||
| Addendum for Third Party Service Providers | |||
| Incident Response Plan Template | |||
| Compliance Deadline Reminders | |||
| Continuous Adaptation of AS360 to NYS DFS Rule Changes | |||
| Done-for-You – Initial Risk Assessment | |||
| Done-for-You – Asset Inventory & Management including End-of-Life Protocols | |||
| Done-for-You – Third Party Vendor Management for Security Compliance | |||
| Done-for-You – Customized Cyber and Business Policies | |||
| Done-for-You – Monthly Compliance Alignment Review | |||
| Done-for-You – Responses to NYS DFS inquires | |||
| Done-for-You – Cyber Event Reporting to NYS DFS | |||
| Done-for-You – NYS DFS vCISO requirement | |||
| Done-for-You – NYS DFS Audit Responses to First Day Letter and other DFS requests | |||
| Done-for-You – NYS DFS Compliance Filings | |||
| Done-for-You – Hardening of Endpoints for Compliance | |||
| Done-for-You – Continuous Vulnerability Scanning & Management | |||
| Done-for-You – Testing of Role-Based Least Privileged Access | |||
| Done-for-You – Incident Response Plan Creation & Testing | |||
| Done-for-You – Business Continuity & Disaster Recovery Testing (includes BCDR appliance) | |||
| Done-For-You – Social Media Compliance Reporting for ALL Company MLOs | |||
| Annual Risk Assessment | |||
| Annual Penetration Test | |||
| Annual Policy Alignment Review, Update & Attestation | |||
| Estimated monthly time – for client | 5 hrs | 0 hrs | 0 hrs |
| Estimated setup time – for client | 3 hrs | 3 hrs | 8 hrs |
| Monthly fee | $297 | $497 | $997 |
| Setup fee (new clients only) | $2,497 | $5,997 | $8,497 |
* Risk Assessment - Done-For-You Compliance clients include a Risk Assessment Review only. We offer preferred pricing if a full Risk Assessment is required. Contact your Client Advocate for more information.
1 Core Compliance - up to 10 users; $14 per user thereafter
2 Done-For-Your Compliance - up to 10 users; $28 per user thereafter
3 Done-For-Your Compliance Complete - up to 10 users; $42 per user thereafter
Min. 3 year commitment
Setup fee may change for user counts > 10 and/or networks with VOIP or other high-bandwidth internet applications
