Limited Exempt
100% Compliance Guaranteed!
Limited Exempt companies need to comply with 9 out of 16 sections of the NYS DFS Cybersecurity regulation.
The 9 Required Sections |
---|
500.02 Cybersecurity Program |
500.03 Cybersecurity Policies |
500.07 Access Privileges and Management |
500.09 Risk Assessment |
500.11 Third Party Service Provider Security Policy |
500.12 Multi-Factor Authentication |
500.13 Asset Management incl. Data Segmentation, Retention & Destruction Requirements |
500.14 Monitoring and Training |
500.17 Notices to Superintendent |
Companies that enjoy a limited exemption to DFS Part 500
Absolute Security 360 DFS Compliance Solution | Core Compliance | Done-For-You Compliance | Done-For-You Compliance Complete |
---|---|---|---|
Full Access to AS360 Cybersecurity Compliance Portal | |||
Complete Set of DFS Required Cyber and Business Policy Templates | |||
Employee Cybersecurity Awareness Training | |||
Weekly Cybersecurity Training Refreshers | |||
Social Engineering Training (Simulated Phishing) | |||
Anti-Virus/Anti-Malware Endpoint Security Suite | |||
Anti-Ransomware Protection w/ Cyber Event Forensics | |||
Web Filter Security Suite | |||
Security Agent for Operating System and Third Party Patching | |||
Email & File Encryption | |||
Multi-Factor Authentication | |||
Password Manager | |||
MS 365 or Google Business Workspace backup | |||
Quarterly Vulnerability Scans | |||
Managed Firewall | |||
Monthly UTM Security Subscription for the Firewall | |||
Advanced Cybersecurity Event (ACE) Appliance for Network Detection, Alerting & Response | |||
Single Pane of Glass SIEM to Monitor, Manage & View Cyber Events for DFS Reporting | |||
DFS Required 5-Year Retention of all material security events and reporting | |||
Quarterly Reminders of Data Retention & Destruction Requirements | |||
Addendum for Third Party Service Providers | |||
Incident Response Plan Template | |||
Compliance Deadline Reminders | |||
Continuous Adaptation of AS360 to NYS DFS Rule Changes | |||
Done-for-You – Initial Risk Assessment | |||
Done-for-You – Asset Inventory & Management including End-of-Life Protocols | |||
Done-for-You – Third Party Vendor Management for Security Compliance | |||
Done-for-You – Customized Cyber and Business Policies | |||
Done-for-You – Monthly Compliance Alignment Review | |||
Done-for-You – Responses to NYS DFS inquiries | |||
Done-for-You – Cyber Event Reporting to NYS DFS | |||
Done-for-You – NYS DFS vCISO requirement | |||
Done-for-You – NYS DFS Audit Responses to First Day Letter and other DFS requests | |||
Done-for-You – NYS DFS Compliance Filings | |||
Done-for-You – Hardening of Endpoints for Compliance | |||
Done-for-You – Continuous Vulnerability Scanning & Management | |||
Done-for-You – Testing of Role-Based Least Privileged Access | |||
Done-for-You – Incident Response Plan Creation & Testing | |||
Done-for-You – Business Continuity & Disaster Recovery Testing (includes BCDR appliance) | |||
Annual Risk Assessment | |||
Annual Penetration Test | |||
Annual Policy Alignment Review, Update & Attestation | |||
Estimated monthly time – for client | 5 hrs | 0 hrs | 0 hrs |
Estimated setup time – for client | 3 hrs | 3 hrs | 8 hrs |
Monthly fee | $297 | $497 | $997 |
Setup fee (new clients only) | $2,497 | $5,997 | $8,497 |
1 Core Compliance - up to 10 users; $8 per user thereafter
2 Done-For-You Compliance - up to 10 users; $18 per user thereafter
3 Done-For-You Compliance Complete - up to 10 users; $28 per user thereafter
Min. 1 year commitment
Setup fee may change for user counts > 10