DFS and GCA partnered to bring additional resources to financial institutions. DFS developed a set of policies that are incorporated into the GCA toolkit. While these samples provide a helpful starting point, they can and should be customized based on the needs, risks, resources, and structure of the business.
Some businesses may require additional actions beyond those suggested; likewise, not every action suggested will be required for each business. Policies based only on the samples therefore may not constitute full compliance with state and federal laws and regulations, including DFS’ Cybersecurity Regulation. The policies cover: