Md. Code Regs. 36.10.13.21
Current through Register Vol. 51, No. 17, August 23, 2024
Section 36.10.13.21 - Access to Sports Wagering PlatformsA. The sports wagering licensee shall limit and control administrative access to the sports wagering platform and associated equipment by ensuring the following: (1) Maintain access configurations and procedures that meet industry best practices and adhere to nationally recognized information technology compliance standards;(2) Maintain logs of user access and review the logs daily to identify security incidents and unusual transactions;(3) Coordinate and develop an education and training program on information security and privacy matters for employees and other authorized users;(4) Ensure compliance with all State and federal information security policies and rules;(5) Prepare and maintain security-related reports and data;(6) Develop and implement an incident response plan to address security breaches, policy violations and complaints from external parties;(7) Develop and implement an ongoing risk assessment program that targets information security and privacy matters by identifying methods for vulnerability detection and remediation and overseeing the testing of those methods; and(8) Ensure remote access to a sports wagering licensee's sports wagering platform and associated equipment is only permitted from within the local network and not directly accessible from the internet unless secured and monitored and approved by the MLGCC on a case-by-case basis.B. All sports wagering licensee's sports wagering platforms and associated equipment shall be available for independent testing by the Commission or the Commission's designee.Md. Code Regs. 36.10.13.21
Amended effective 49:1 Md. R.16, eff. 1/13/2022