23 NYCRR Part 500 is the New York Department of Financial Services' cybersecurity regulation, originally adopted in 2017 and substantially amended in 2023. It applies to entities licensed under NY banking, insurance, or financial services law. Requirements include a designated CISO, written cybersecurity policy, MFA, encryption of nonpublic information, incident response, vulnerability management, third-party risk management, and annual certification to the DFS by April 15.