Complying with New York’s Title 23 NYCRR Part 500 Cybersecurity Regulation
The Docusign IAM platform offers financial services organizations tools like multi-factor authentication and identity verification to help comply with New York State's updated Title 23 NYCRR Part 500 cybersecurity regulation requiring enhanced security measures.
Financial services organizations operating in New York State are subject to some of the most rigorous compliance requirements in the U.S. In no arena is this truer than cybersecurity, where the New York State Department of Financial Services (NYSDFS) has in recent years taken a more aggressive regulatory stance to help protect consumers and financial institutions from increasingly sophisticated and costly cyberattacks and data breaches.
Significantly, NYSDFS amended Title 23 New York Codes, Rules, and Regulation Part 500: Cybersecurity Requirements for Financial Services Companies opens in a new tab on Nov 1, 2023. This latest amendment includes more robust requirements for implementing multi-factor authentication (MFA) under section 500.12.
Beginning November 1, 2025, a broad group of financial services organizations designated as “Covered Entities” must enable multi-factor authentication (MFA) for “any individual accessing the Covered Entity’s internal networks from an external network,” unless a limited exemption applies. MFA comes in many different flavors, and under Title 23 NYCRR Part 500, Covered Entities must implement at least two of the following types of authentication:
Type 1 – Knowledge factors, such as a password and/or passcode
Type 2 – Possession factors, such as a token or text message on a mobile phone
Type 3 – Inherence factors, such as a biometric characteristic
Docusign balances regulatory compliance and customer experience
Thanks to Intelligent Agreement Management (IAM) solutions offered by Docusign, financial institutions don’t have to choose between providing an outstanding customer experience and meeting the latest MFA requirements included in Title 23 NYCRR Part 500.
Docusign eSignature has long been a leading solution that helps financial firms deliver a secure, seamless, and trusted signing experience to their customers. Now, the Docusign IAM platform offers a wide range of capabilities supporting the robust new MFA requirements that financial institutions must comply with.
The new Docusign ID Verification for NYCRR500 Compliance workflow enables financial services organizations to quickly implement identity verification and authentication capabilities designed to support regulatory requirements.
Available in both eSignature and Maestro, the workflow requires recipients to complete two authentication steps before accessing the agreement:
Knowledge-Based Authentication (KBA)
A built-in risk assessment also helps detect suspicious activity early, blocking high-risk recipients and adding an extra layer of protection for sensitive information.
With Docusign, customers can also access important transaction metadata and recipient identity information through Docusign ID Evidence and the final Certificate of Completion (CoC), giving security teams a clear way to demonstrate compliance during future audits.
If you’re new to Docusign, schedule a demo today to see how our innovative solutions for multi-factor authentication can work for you. And if you’re a current Docusign customer, reach out to your account representative to learn how to activate these identity verification solutions on your existing subscription.
Related posts
Docusign IAM is the agreement platform your business needs
