Mich. Admin. Code R. 432.638

Current through Vol. 24-22, December 15, 2024
Section R. 432.638 - Internet gaming platform assessment

Rule 638.

(1) Each internet gaming operator or internet gaming platform provider shall, within 90 days after commencing operations, and annually thereafter, perform an internet gaming platform integrity and security assessment of the internet gaming platform conducted by an independent professional selected by the internet gaming operator or internet gaming platform provider and subject to approval of the board. The scope of the internet gaming platform integrity and security assessment is subject to approval of the board and must include, at a minimum, all of the following:
(a) A vulnerability assessment of internal, external, and wireless networks with the intent of identifying vulnerabilities of all devices, the internet gaming platform, and applications connected to or present on the networks.
(b) A penetration test of all internal, external, and wireless networks to confirm if identified vulnerabilities of all devices, the internet gaming platform, and applications are susceptible to compromise.
(c) A policy and procedures review against the current ISO 27001 standard or another similar standard approved by the board.
(d) Any other specific criteria or standards for the internet gaming platform integrity and security assessment as prescribed by the board.
(2) The full independent professional's report on the assessment must be submitted to the board and must include all the following:
(a) Scope of review.
(b) Name and company affiliation of the individual or individuals who conducted the assessment.
(c) Date of assessment.
(d) Findings.
(e) Recommended corrective action, if applicable.
(f) Internet gaming operators or internet gaming platform providers response to the findings and recommended corrective action.

Mich. Admin. Code R. 432.638

2020 MR 22, Eff. 12/2/2020