S.D. Admin. R. 20:18:35.01:07

Current through Register Vol. 51, page 67, December 16, 2024
Section 20:18:35.01:07 - Integrity and security assessment - Scope

The scope of the sports wagering system integrity and security assessment is subject to the approval of the commission and must include:

(1) A vulnerability assessment of digital platforms, mobile applications, internal, external, and wireless networks with the intent of identifying vulnerabilities of all devices, the sports wagering systems, and applications transferring, storing, and/or processing personal identifying information or other sensitive information connected to or present on the networks;
(2) A penetration test of all digital platforms, mobile applications, and internal, external, and wireless networks to confirm devices, the sports wagering systems, and applications are susceptible to compromise;
(3) A review of the firewall rules to verify the operating condition of the firewall and the effectiveness of its security configuration and rule sets that must be performed on all perimeter and internal firewalls;
(4) A technical security control assessment against the provisions adopted in Appendix B of GLI-33 and chapter 20:18:35.01 with generally accepted professional standards;
(5) An evaluation of information security services, cloud services, payment services, financial institutions, payment processors, location services, and any other services that may be offered directly by the licensee or involve the use of third parties; and
(6) At the discretion of the executive secretary, any additional assessments or specific testing criteria which may be required by internal control procedures.

S.D. Admin. R. 20:18:35.01:07

48 SDR 014, effective 8/22/2021

General Authority: SDCL 42-7B-7, 42-7B-11(13).

Law Implemented: SDCL 42-7B-2.1(1), 42-7B-43.