Checklist

2025 NYDFS Cybersecurity Compliance Checklist

Quickly see if you meet 2025 NYDFS cybersecurity requirements for your SaaS applications with this NYDFS Compliance checklist.

All Financial Services companies that do business in New York are subject to new SaaS security regulations in accordance with NYDFS Part 500 Cybersecurity requirements. New mandates around Shadow SaaS management, MFA enforcement, and more go into effect November 2025.

To avoid audit findings, security teams must secure their SaaS apps like Microsoft 365, Salesforce, and others in accordance with new NYDFS cybersecurity regulations. This includes:

  • Multi-Factor Authentication: necessary for any individual accessing any Information Systems, regardless of location, type of user, and type of information contained on the Information System being accessed 
  • Asset Inventory: required to develop and maintain up-to-date inventories of Information Systems—meaning blind spots from shadow SaaS or unknown app-to-app integrations are no longer acceptable

To learn more about these new policies, and how your security team can quickly and confidently meet compliance, download the 2025 NYDFS Cybersecurity Compliance Checklist.

Download Now

Get Started

Start in minutes and secure your critical SaaS applications with continuous monitoring and data-driven insights.

get a demo