The New York State Department of Financial Services published its Cybersecurity Requirements for Financial Services Companies. Some of the requirements went into effect in late 2017, while others were deferred under a transition period. The DFS regulation includes 22 separate provisions covering policies, procedures, and implementation requiring financial services organizations to better protect data. Financial services organizations can comply with the DFS while deploying user-friendly, secure solutions, such as multi-factor authentication and application security. The regulation still requires MFA, it is not so restrictive as to mandate a specific NIST Authenticator Assurance Level.”]