NYDFS Issues Supply Chain Management Guidance – Technology




The New York State Department of Financial Services recently
issued recommendations to financial institutions in
the aftermath of the SolarWinds cyberattack. In that attack,
hackers inserted malware into SolarWinds software, which was then
distributed to SolarWinds’ customers (many of which were
financial institutions). After discovery, SolarWinds released a
series of hot fixes to address vulnerabilities in its software
associated with the attack. Although NYDFS found that most
companies responded quickly to patch the vulnerabilities, it did
identify additional steps to reduce supply chain risk:

  • Conduct proper due diligence on third-party service providers’
    potential cybersecurity risks, and include in vendor contracts
    (particularly those with critical vendors) provisions that ensure
    cybersecurity practices and cyber hygiene can be monitored, and
    that require immediate notice of any cyber event that could
    impact the company.

  • Assume any software from service providers might be
    compromised. Thus, authorize only as-needed access and monitor for
    malicious activity.

  • Have a vulnerability management program with patch rollback
    procedures to ensure timely patches.

  • Update incident response plans to address supply chain
    compromises.

As we have reported recently, NYDFS is actively enforcing
the cybersecurity rules, and these recommendations can be read in
the context of those rules.

Putting it Into Practice: These NYDFS cybersecurity
recommendations highlight for financial services companies the
expectations the department has of them with regard to supply-chain
risk. Companies would be well-served to review their vendor
management practices against these latest
recommendations.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
