(a) As part of its cybersecurity program, each Covered Entity shall establish a written incident response plan designed to promptly respond to, and recover from, any Cybersecurity Event materially affecting the confidentiality, integrity or availability of the Covered Entity’s Information Systems or the continuing functionality of any aspect of the Covered Entity’s business or operations.

Section 500.16

(b) Such incident response plan shall address the following areas:

Section 500.16

(2) the goals of the incident response plan;

Section 500.16

(6) documentation and reporting regarding Cybersecurity Events and related incident response activities; and

Section 500.16

(7) the evaluation and revision as necessary of the incident response plan following a Cybersecurity Event.

Section 500.00Introduction.

Section 500.01Definitions.

Section 500.02Cybersecurity Program.

Section 500.03Cybersecurity Policy.

Section 500.04Chief Information Security Officer.

Section 500.05Penetration Testing and Vulnerability Assessments.

Section 500.06Audit Trail.

Section 500.07Access Privileges.

Section 500.08Application Security.

Section 500.09Risk Assessment.

Section 500.10Cybersecurity Personnel and Intelligence.

Section 500.11Third Party Service Provider Security Policy.

Section 500.12Multi-Factor Authentication.

Section 500.13Limitations on Data Retention.

Section 500.14Training and Monitoring.

Section 500.15Encryption of Nonpublic Information.

Section 500.16Incident Response Plan.

Section 500.17Notices to Superintendent.

Section 500.18Confidentiality.

Section 500.19Exemptions.

Section 500.20Enforcement.

Section 500.21Effective Date.

Section 500.22Transitional Periods.

Section 500.23Severability.

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities