NYDFS Compliance Cybersecurity Assessment

In cybersecurity since 2003, ScienceSoft helps BFSI companies operating in New York state evaluate and achieve compliance with the NYDFS Cybersecurity Regulation.


A NYDFS compliance cybersecurity assessment aims to show how well a company meets the latest NYDFS Cybersecurity Regulation requirements at the strategic, administrative, and technical levels. It involves reviewing the existing security program, policies, and measures to help discover and close compliance gaps. It may also include risk assessment, penetration testing, and vulnerability assessment, which are integral to the NYDFS cybersecurity requirements.

Who Needs NYDFS Cybersecurity Assessment

The NYDFS Cybersecurity Regulation applies to all the DFS-regulated entities operating in New York state as well as third-party service providers servicing these regulated entities. ScienceSoft is ready to conduct NYDFS cybersecurity assessment for:

Banking institutions

  • Banks and trust companies.
  • Domestic representative offices.
  • Agencies, branches, representative offices of foreign banking organizations.
  • Private bankers.
  • Mortgage bankers.
  • Credit unions.
  • Investment companies.
  • Savings banks and savings & loan associations.

Insurance service providers

  • Health insurers (including non-profit health services, medical/dental expense indemnity corporations, HMOs).
  • Life insurers (including public pension funds, fraternal benefit societies, retirement systems, annuity societies, life settlement companies, union welfare funds).
  • Property and casualty insurers.
  • Reinsurance companies, and more.

Other financial service providers

  • Virtual currency businesses.
  • Licensed lenders.
  • Budget planners.
  • Check cashers.
  • Mortgage brokers.
  • Money transmitters.
  • Consumer credit reporting agencies.
  • Service contract providers.
  • Safe deposit companies.
  • Holding companies.
  • Premium finance agencies.
  • Charitable foundations, and more.

How Our NYDFS Cybersecurity Assessment Unfolds

ScienceSoft’s Penetration Testing Consultant, CEH

According to the amended NYDFS Cybersecurity Regulation, a company must undergo regular risk assessment (once a year as a minimum, according to the proposed amendments), penetration testing at least once a year, and vulnerability assessment — at least twice a year. It is also important to keep up with the latest amendments introduced to the NYDFS regulations and promptly involve reliable regulatory consultants to help you stay compliant.

Deliverables You Get After NYDFS Compliance Cybersecurity Assessment

ScienceSoft is ready to provide detailed reports describing your company’s current security posture and the measures needed to achieve compliance with the NYDFS Cybersecurity Regulation. Depending on the scope of our services, they may include:

Compliance scope report with the inventory of data, software, and IT infrastructure components that influence your NYDFS compliance.

Report on the existing security policies with improvement recommendations.

Penetration testing and vulnerability assessment reports with the description and prioritization of the detected vulnerabilities and the required corrective measures to fix them.

Report on employee compliance awareness, including social engineering campaign results.

Risk assessment report describing the potential threats, vulnerabilities, the likelihood and impact of their exploitation.

Gap analysis report comparing the as-is state against the required compliance state.

A comprehensive roadmap for the strategic and tactical measures required to ensure full compliance with the NYDFS Cybersecurity Regulation.

What Our Customers Value

ScienceSoft proved to be a reliable and agile technology partner. We especially appreciate their professional approach to security issues, which were among our main concerns due to strict regulations.

We are fully satisfied with our partnership with ScienceSoft. Their team provided penetration testing in a timely and professional manner and gave us valuable recommendations on improving the security of our web apps and the external IP address.

The team has been delivering results within budget and time. I’m absolutely satisfied with the quality of their services, their development skills and responsibility as well as the way they manage communication with us and our clients. I fully recommend ScienceSoft as a reliable IT partner!

Why ScienceSoft

  • 21 years in cybersecurity, a solid portfolio of successfully completed projects.
  • 19 years of experience in IT services for banking and finance, 12 years – for the insurance industry.
  • Seasoned compliance consultants, IT security engineers, and Certified Ethical Hackers on board.
  • Mature quality management and customers’ data security ensured by ISO 9001 and ISO 27001 certificates.
  • Recognized as Top Penetration Testing Company by Clutch.
  • ScienceSoft is a 3-Year Champion in The Americas’ Fastest-Growing Companies Rating by the Financial Times.

Major NYDFS Compliance Cybersecurity Assessment Concerns We Handle

Challenge 1

It is difficult to find a competent vendor who combines cybersecurity expertise, experience in the BFSI industry, and knowledge of NY-specific regulations.



After 19 years of providing IT services to the banking and financial services industry, we deeply understand BFSI specifics and stay aware of the latest domain regulations. As a software development and IT consulting company, we know how to secure software and IT infrastructure against the latest cyber threats. And finally, we can competently handle the NYDFS cybersecurity requirements as they are based on the NIST 800-53 framework that we have been mastering for years.


Challenge 2

A high-level assessment that will only state our NYDFS compliance level is not enough. We need actionable insights and real improvements in our IT security.



ScienceSoft’s assessment is followed by actionable guidance at the strategic and technical levels. To ensure both NYDFS compliance and reliable protection of your IT assets, we offer practical help:

  • Adjusting your existing security policies or designing them from scratch.
  • Implementing technical security controls that will work best for your specific IT environment.
  • Scheduling and conducting regular risk assessment, penetration testing, and vulnerability assessment to keep you protected against emerging cyber threats.
  • Checking and helping enhance your employees’ cyber awareness through social engineering campaigns, security training, and more.


On Guard of BFSI Security: ScienceSoft’s Selected Projects

AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company

As a part of a long-term security partnership, ScienceSoft performed two annual penetration tests of the IT infrastructure and AWS cloud security assessment for a US insurance company. Following ScienceSoft’s recommendations, the Customer managed to achieve and maintain a high security level of its IT environment.

Pentesting of Blockchain Software and IT Infrastructure for a Fintech Company

ScienceSoft performed black box and gray box penetration testing for a US fintech company that delivers Bitcoin wallets, crypto ATM solutions, and other blockchain software. As a result, the Customer enhanced the security of its mobile and web applications and reliably protected its IT infrastructure.

Web Application Penetration Testing for a European Bank

ScienceSoft performed black box penetration tests of web applications for a bank with $300M+ in total assets and more than 40 national branches. The testers revealed 4 types of vulnerabilities and drew up a detailed remediation plan to ensure reliable protection of sensitive payment information.

Web Platform Pentesting and Data Breach Consulting for a Trading Services Provider

ScienceSoft performed gray box penetration testing of a trading platform. The pentest followed a data breach and aimed to investigate its causes and help report the breach mitigation efforts to the regulatory authorities on time.

API Security Testing for a European Bank

ScienceSoft's Certified Ethical Hackers conducted black box pentesting and security code review of an API for a European bank with $400M+ in assets and more than 100 physical branches across the country.

Choose Your Service Option

Full assessment

We apply our expertise in regulatory compliance and IT security management to thoroughly check each aspect required by the NYDFS Cybersecurity Regulation and offer the necessary improvements.

Assessment against the latest NYDFS amendments

Laser-focusing on the changes to be brought by the latest amendments, we help proactively implement the required measures and stay compliant.

Assessment and remediation

We guide you through every step to NYDFS Cybersecurity compliance, taking over all the required assessment and remediation activities.

Invest in NYDFS Cybersecurity Compliance Now or Pay More Later


was the cybersecurity compliance breach penalty levied by NYDFS on a crypto trading service provider in 2022.


is the average cost of a data breach in the financial industry, according to the IBM Cost of a Data Breach Report 2022.

We Know How to Secure Your IT – and Prove It to NYDFS

ScienceSoft’s security experts are here to help you promptly implement the cybersecurity controls required by the NYDFS Cybersecurity Regulation. Reach out to our team to stay compliant and protect your IT assets against the latest security threats.