The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) establishes cybersecurity requirements for financial services companies operating under NYDFS authorization. It requires these entities to assess their cybersecurity risk and implement a program with specific technical safeguards.