Ariz. Admin. Code § 19-4-127
Current through Register Vol. 30, No. 50, December 13, 2024
Section R19-4-127 - Integrity and Security AssessmentA. The responsible party shall perform an integrity and security assessment of the event wagering system within 120 days after the commencement of operations, and annually thereafter. The assessment shall be conducted by an independent integrity and security assessment professional. The scope of the assessment shall include, at a minimum, the following:1. A vulnerability assessment of mobile platforms, mobile applications, internal, external, and wireless networks with the intent of identifying vulnerabilities of all devices, platforms, and applications connected to or present on the networks;2. A penetration test of all mobile platforms, mobile applications, internal, external, and wireless networks to confirm if identified vulnerabilities of all devices, platforms, and applications are susceptible to compromise;3. A policy and procedures review against the current ISO 27001 standard or another similar standard approved by the Department;4. A review of the firewall rules to verify the operating condition of the firewall and the effectiveness of its security configuration; and5. Any other specific criteria or standards for the integrity and security assessment as required by the Department.B. The full independent integrity and security assessment professional's report on the assessment shall be submitted to the Department no later than 30 days after the assessment is completed and shall include the following: 1. Assessment procedures and scope;2. Name and company affiliation of the individual or individuals who conducted the assessment;5. Recommended corrective action, if applicable; and6. The responsible party's response to the findings and recommended corrective action.Ariz. Admin. Code § R19-4-127
Adopted by final exempt rulemaking at 27 A.A.R. 1167, effective 7/26/2021. Amended by final exempt rulemaking at 28 A.A.R. 919, effective 4/15/2022.