New York State Dept of Financial Services Title 23 NYCRR Part 500 Deployment Guide
This guide describes how to implement the LogRhythm NY DFS Compliance Automation Suite. This suite provides pre-bundled content such as AIE Rules, Alarms, Investigations, and Reports that help organizations pursue compliance around NY DFS data security objectives. In addition, this guide provides control mapping between LogRhythm SIEM and control objectives contained within NY DFS. NY DFS regulation focuses on the implementation and development of information security best practices in covered entities policies, practices, and procedures while operating in the financial industry.
After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed for NY DFS compliance. AIE Rules, Alarms, Investigations, and Reports are automatically associated with the correct NY DFS objectives. You can then schedule Reports for periodic generation and delivery or generate them on demand for various audiences. To identify areas of non-compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems.
LogRhythm content is mapped to control objectives across the NY DFS frameworks and designed to be utilized by various audiences including internal and external audit, executive management, control owners, program developers, IT security, IT operations, and other individuals or groups involved in the audit cycle.
Intended Audience
This guide is intended for LogRhythm Enterprise administrators and analysts who are responsible for maintaining compliance with various NY DFS requirements. Further, monthly and weekly Reporting Packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive Management. These reporting packages, the content included, and the frequency can be adjusted according to the needs of your audience.
The guide is divided into the following sections: