Wyoming Administrative Code
Agency 038 - Wyoming Gaming Commission
Sub-Agency 0002 - Online Sports Wagering
Chapter 5 - Technical Standards
Section 5-5 - Integrity and Security Assessment

Universal Citation: WY Code of Rules 5-5

Current through September 21, 2024

(a) Each sports wagering operator or sports wagering vendor shall, within ninety (90) days after commencing operations in Wyoming, and annually thereafter, have an integrity and security assessment of the sports wagering system conducted by an independent professional selected by the sports wagering operator or sports wagering vendor and subject to approval of the Commission.

(b) The scope of the sports wagering system integrity and security assessment is subject to approval of the Commission and must include, at a minimum, all of the following:

(i) A vulnerability assessment of digital platforms, mobile applications, internal, external, and wireless networks with the intent of identifying vulnerabilities of all devices, the sports wagering systems, and applications transferring, storing, and/or processing personal identifying information (PII) and/or other sensitive information connected to or present on the networks;

(ii) A penetration test of all digital platforms, mobile applications, internal, external, and wireless networks to confirm if identified vulnerabilities of all devices, the sports wagering systems, and applications are susceptible to compromise;

(iii) A review of the firewall rules to verify the operating condition of the firewall and the effectiveness of its security configuration and rule sets performed on all of the perimeter firewalls and the internal firewalls;

(iv) A technical security control assessment against the provisions adopted in Appendix B of GLI-33 and these rules with generally accepted professional standards and as approved by the Commission;

(v) An evaluation of information security services, cloud services, payment services (financial institutions, payment processors, etc.), location services, and any other services which may be offered directly by the permittee or involve the use of third parties; and

(vi) Any other specific criteria or standards for the sports wagering system integrity and security assessment as prescribed by the Commission.

(c) The full independent professional's report on the assessment must be submitted to the Commission no later than thirty (30) days after the assessment is conducted and must include all the following:

(i) Scope of review;

(ii) Name and company affiliation of the individual or individuals who conducted the assessment;

(iii) Date of assessment;

(iv) Findings;

(v) Recommended corrective action, if applicable; and

(vi) Sports wagering operator's or sports wagering vendor's response to the findings and recommended corrective action.

(d) Where approved by the Commission, it is acceptable to leverage the results of prior assessments within the past year conducted by the same independent professional against standards such as ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, the NIST Cybersecurity Framework (CSF), the Payment Card Industry Data Security Standards (PCI-DSS), or equivalent. Such leveraging shall be noted in the independent professional's report. This leveraging does not include critical components unique to the state which will require fresh assessments.
