The New York Department of Financial Services (“NYDFS”) recently updated its Frequently Asked Questions to add several detailed new FAQs on the expanded multi-factor authentication (“MFA”) rule. As of November 1, 2025, NYDFS’s Cybersecurity Regulation, 23 NYCRR Part 500 (“Part 500”), requires MFA for all user access to all information systems. These new FAQs provide a level of detail that is unusual for NYDFS and underscores the Department’s focus on MFA as a critical cybersecurity control….
By: Mayer Brown
By: Mayer Brown
