NYDFS is proposing a new amendment that compliance, security, and development teams should be particularly concerned about one of the areas covered in the new amendment – the requirement to maintain an inventory of all software API endpoints. This is a tall order since most organizations have APIs they don’t even know about. And you can’t inventory what you don’t know is there.
The New York State Department of Financial Services (DFS) has proposed an amendment to its 2017 Cybersecurity Regulation (also known as 23 NYCRR Part 500). The 2017 regulation was one of the first of its kind and served as the model for many other regulations nationally and internationally. The proposed amendment would significantly expand the requirements that covered entities need to follow.