Non-Exempt Companies are those that
Non Exempt companies need to comply with ALL 16 sections of the regulation.
| Required Sections |
|---|
| 500.02 Cybersecurity Program |
| 500.03 Cybersecurity Policy |
| 500.04 Chief Information Security Officer |
| 500.05 Penetration Testing* and Vulnerability Assessments |
| 500.06 Audit Trail |
| 500.08 Application Security |
| 500.09 Risk Assessment |
| 500.10 Cybersecurity Personnel and Intelligence |
| 500.11 Third Party Service Provider Security Policy |
| 500.12 Multi‐Factor Authentication |
| 500.13 Limitations on Data Retention |
| 500.14 Training and Monitoring |
| 500.15 Encryption of Nonpublic Information |
| 500.16 Incident Response Plan |
| 500.17 Notices to Superintendent |
| CyberGuard360 Solution | Includes |
|---|---|
| Full Access Pass to ALIT’s DFS Compliance Portal | |
| Employee Cyber Security: Training & Refreshers | |
| Complete Set of Cyber and Business Policy Templates | |
| Incident Response Plan | |
| Compliance Deadline Reminders | |
| Endpoint Security Suite | |
| Web Security Suite | |
| Anti-Ransomware Protection w/Forensics | |
| Email & File Encryption | |
| Managed Firewall | |
| Superintendent Notifications & Filings | |
| Cyber & Security Event Alerting Appliance | |
| Multi-Factor Authentication |
| Monthly | Setup | |
|---|---|---|
| 10-25 users | $795 | $1995 |
| 26-50 users | $1,495 | $2995 |
| 51+ users | TBD | TBD |
