D.C. Mun. Regs. tit. 30, r. 30-2125

Current through Register Vol. 71, No. 44, November 1, 2024
Rule 30-2125 - TECHNICAL SECURITY CONTROL AUDIT REQUIREMENTS
2125.1

By June 1 of each year after being licensed, Operators and Management Services Providers must complete an annual security audit by an independent licensed auditor approved by the Office. Sports Wagering Operators and Management Services Providers are responsible for forwarding the results of this audit to the Office.

2125.2

Newly-licensed Operators and Management Services Providers shall submit a security audit within six (6) months of being licensed. This is irrespective of whether they are actively participating in sports wagering or not.

2125.3

This audit includes, but is not limited to, an information security system (ISS) assessment:

(a) Review of the operational processes that are critical to compliance;
(b) Penetration testing focused on the external and internal infrastructure;
(c) The applications transferring, storing or processing player credentials or sensitive information; and
(d) Any other objectives established by the Office.

2125.4

Compliance with these standards is to ensure that Operators and Management Services Providers have appropriate security controls in place so that players are not exposed to unnecessary risks when choosing to participate in sports wagering.

Final Rulemaking published at 66 DCR 011618 (8/30/2019)