UpGuard Capability: Demonstrating DFS 23 NYCRR 500 Compliance

Last updated by Greg Pollock on April 19, 2018

UpGuard makes a cyber resilience platform designed for exactly the realities that necessitate regulations like New York State Department of Financial Services 23 NYCRR 500. On one hand, businesses need to store, processes, and maintain availability for growing stores of valuable data; on the other, the very conditions for market success open them to attacks from increasingly sophisticated and motivated attackers. Balancing these requirements makes a business resilient, and UpGuard provides the visibility, analysis, and automation needed to thrive while satisfying regulations like NYCRR 500.

500.06 - Audit Trail

Logging solutions create a record of machine activity and are an important part of any audit trail. Additionally, logging configurations need to be validated to ensure that the correct information is being captured, as a misconfigured audit tool is no better than none at all. Because logging is concerned with a machine's activity rather than its configuration state, logging lacks any awareness of the context of the activity it records. UpGuard ensures logging is correctly configured to satisfy compliance requirements and gathers the missing information on the surrounding machine state.


UpGuard validates that logging is correctly configured to pass audit.


500.07 - Access Privileges

Knowing what users and groups are provisioned with what credentials and on what machines is fundamental to avoiding security incidents. UpGuard already satisfies this requirement for customers subject to similar requirements in regulations like Sarbanes-Oxley. UpGuard continuously records the users with access to every operating system, application, and database to validate that access privileges are set correctly.


Every system's users are automatically tracked by UpGuard.

500.09 - Risk Assessment

UpGuard leads the industry with continuous automated risk assessment for all information systems. By gathering data on system changes, misconfigurations, policy violations, vulnerabilities, and third party risks, UpGuard can calculate a risk scored based on the top controls defined by external parties like the Center for Internet Security and the SANS Institute.


UpGuard's risk dashboard provides interactive tracking of the most common controls.

500.14 - Training and Monitoring

UpGuard offers consultative services with domain specialists certified by ISACA, CISSP, AXELOS, ANSI/ISO 17024:2012, IAPP, and others to develop your cyber security policy and incident response plan. Separately, the UpGuard platform provides real-time monitoring to capture the identity of all users making changes and alert on unauthorized access.


Track file changes in real-time and capture users making unauthorized changes.

Get Started

For financial services companies that do business in the state of New York, the deadline to comply with DFS 23 NYCRR 500 is fast approaching. UpGuard provides solutions to several provisions as well as validating that complementary compliance solutions are configured correctly to gather the information needed to pass audit. To learn more, join us for a live demonstration of how UpGuard helps.