NIST Cybersecurity Framework

The NIST Cybersecurity Framework is considered the gold standard for cybersecurity in the US. The Framework provides a set of cyber activities, outcomes, and information common across different internet sectors. NIST defines five elements, or core functions, of the framework: Identify; Protect; Detect; Respond; and Recover.
General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of the personal information of European Union (EU) data subjects. The GDPR protects the rights and freedoms of data subjects with respect to their personal information, in an attempt to prevent data breaches from occurring. The GDPR also imposes fines on entities that do not maintain compliance with its mandates. GDPR went into effect on May 25, 2018.
The FTC's Standards for Safeguarding Customer Information Rule ('Safeguards Rule') was created to protect the security of customer information.

The Rule was first enacted in 2003, but subsequently amended in 2021 to accommodate advancements in technology.

The Safeguards Rule covers 'financial institutions,' which are entities engaged in an activity that is financial in nature or incidental to such financial activities.
The Rule requires covered financial institutions to develop, implement, and maintain an information security program.

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) applies to corporations in Canada that "collect, use or disclose personal information in the course of a commercial activity." PIPEDA defines a commercial activity as "any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering, or leasing of donor, membership, or other fundraising lists."

DORA, enacted in 2022, is an EU regulation, similar to 23 NYCRR 500, that impacts financial service institutions. DORA focuses specifically on cybersecurity protections for these institutions. Entities covered under DORA have until January 17, 2025 to comply before enforcement begins.

DORA requires financial entities to address cybersecurity compliance across four areas: risk management and governance, incident response and reporting, digital operational resilience testing, and third-party risk management.

Interestingly, similar to 23 NYCRR 500, DORA's guidelines apply to financial entities individually, based on their own existing guidelines. DORA focuses on establishing a "universal framework for managing and mitigating ICT risk" by removing gaps between EU nations.

Also similar to 23 NYCRR 500, small financial institutions are not held to the same standards as major financial institutions.
