AFSA Comments on Revised New York Cybersecurity Proposal January 27, 2017 On January 27, AFSA submitted a comment letter to the New York Department of Financial Services (NYDFS) regarding its revised proposed cybersecurity requirements. NYDFS released its first cybersecurity proposal in September 2016, and AFSA filed comment in November. After industry backlash, NYDFS proposed a revised set of rules that would give companies more room to establish cybersecurity programs based on internal risk assessments. AFSA’s letter included proposed revisions to the requirements of a Cybersecurity Program; requests for clarification regarding Chief Information Security Offices, Risk Assessment compliance, and Third Party Service Provider reporting. AFSA also requested that NYDFS broaden the exemptions for certain covered entities. The revised rules are set to go into effect on March 1. AFSA will continue to monitor the rulemaking process and keep members apprised of any future changes to the cybersecurity requirements.