NYDFS Readiness
The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a new set of regulations from the NY Department of Financial Services (NYDFS) that places cybersecurity requirements on all covered financial institutions. The rules require covered institutions to develop and implement an effective cybersecurity program, assess their cybersecurity risks and develop plans to proactively address those risks.

NYDFS Readiness Assessment
In response to increasing cybersecurity risks to the financial institutions, in March 2017, the New York Department of Financial Services instituted 23 NYCRR 500, a cybersecurity regulation unlike any other. The regulation establishes minimum security requirements to protect financial institutions’ data and their customers from cyberattacks.
Building on over a decade of experience helping government, healthcare, finance, and wider enterprise organizations meet their data compliance requirements, Valorr is actively supporting customers preparing for the NYDFS Cybersecurity Regulation. By helping organizations secure data, manage risk, and audit data handling processes, Valorr delivers practical solutions to a complex list of compliance requirements.
Our Approach
Our readiness assessment is built to align with regulatory requirements and enhanced with industry-recognized security frameworks, including the NIST CSF, NIST 800-53, CIS Top 20, and PCI DSS. We leverage an established capability maturity model index (CMMI) to objectively evaluate your program and provide realistic maturity rankings across industry standards.
Phase 1
Project Planning
Project Planning
Phase 2
Program Analysis
Program Analysis
Phase 3
Strategic Roadmap
Strategic Roadmap
Phase 1:
Project Planning and Kick-Off
During Phase 1, the Valorr team collaborates with you to establish the objectives and scope for this engagement, as well as communication methods and a cadence for status reporting. Following this initial step, we coordinate document and interview requests with your team.
- Clear engagement objectives
- Established communication methods
- Document and interview requests
Phase 2:
Program Analysis
During Phase 2, our team holds both on-site and remote discovery sessions with key stakeholder and subject matter experts within your organization. Following this step, our team builds a current state gap analysis of your policies, procedures and technologies against industry standards.
Using our Capability Maturity Model, we evaluate each domain across your security program. As a result of this analysis, we are able to identify process inefficiencies and areas for improvement.
- Analysis of the current conditions of your IT infrastructure, business processes and utilized technologies
- Identify process inefficiencies and areas for improvement.
- Understanding of the confidentiality, integrity and availability of business systems.
Phase 3:
Strategic Roadmap
In the final phase of the Valorr assessment, our team communicates the findings of our analysis to your leadership team, helping you gain executive buy-in for the most immediate risks facing your organization.
During this phase, we establish achievable target cyber maturity goals for your program, provide future state recommendations and deliver an action-based roadmap for short-term and long term cyber maturity.
- Alignment across cybersecurity priorities, organizational objectives and policies.
- Improved decision-making around the level of risk associated with the current business environment.
- More efficient resource allocation
- Increased investment in future projects
Different From the Rest
At Valor, we take a different approach to implementing and managing cybersecurity.
Actionable Deliverables
Our assessment process doesn't just point out your weaknesses and the urgent need for change. It provides clear, action-based guidance for addressing key security risks and improving your overall risk posture.
Ongoing Support
We never deliver a report and leave our partners, we often stay onboard to help them implement our recommendations and mature their programs. We work hard to collaboratively help execute your strategic roadmap.
End-to-End Services
Valor provides a full lifecycle suite of services and end to end support services. We have experts in security program development, data privacy and business resilience to help you improve across all risk domains.
Have A Question?
Valor is excited to take on your biggest business risk challenges. Please complete this short form and we will get in touch with you.