- AUTHOR: The Drata Team
Drata supports NYDFS Part 500
Drata now supports NYDFS Part 500 (23 NYCRR 500)—New York State’s cybersecurity regulation for financial services organizations. Part 500 establishes strict requirements for protecting nonpublic information, covering areas such as risk assessments, access controls, encryption, incident response, and third-party oversight. Compliance is mandatory for any entity regulated by the New York State Department of Financial Services (NYDFS), including banks, insurance companies, mortgage lenders, and many fintech companies.
Who should care
NYDFS Part 500 applies to financial services organizations operating in or serving customers in New York State, as well as service providers handling covered data on their behalf.
Why it matters
- Financial Services Trust Builder: Expands Drata’s support for highly regulated industries by covering one of the most stringent U.S. state-level cybersecurity regulations.
- Regulatory Clarity: Clear, actionable requirements help customers meet obligations with confidence and reduce regulatory risk.
- Continuous Compliance: Annual certifications, continuous monitoring, and detailed reporting align seamlessly with Drata’s automation-first approach.
- Unified Framework Experience: Works alongside frameworks like SOC 2, ISO 27001, and PCI DSS for centralized monitoring across multiple compliance programs.