Section R. 432.738 - Internet sports betting platform assessmentRule 738.
(1) Each sports betting operator or internet sports betting platform provider shall, within 90 days after commencing operations, and annually thereafter, perform an internet sports betting platform integrity and security assessment of the internet sports betting platform conducted by an independent professional selected by the sports betting operator or internet sports betting platform provider and subject to approval of the board. The scope of the internet sports betting platform integrity and security assessment is subject to approval of the board and must include, at a minimum, all of the following: (a) A vulnerability assessment of internal, external, and wireless networks with the intent of identifying vulnerabilities of all devices, the internet sports betting platforms, and applications connected to or present on the networks.(b) A penetration test of all internal, external, and wireless networks to confirm if identified vulnerabilities of all devices, the internet sports betting platforms, and applications are susceptible to compromise.(c) A policy and procedures review against the current ISO 27001 standard or another similar standard approved by the board.(d) Any other specific criteria or standards for the internet sports betting platform integrity and security assessment as prescribed by the board.(2) The full independent professional's report on the assessment must be submitted to the board and must include all the following: (b) Name and company affiliation of the individual or individuals who conducted the assessment.(e) Recommended corrective action, if applicable.(f) Sports betting operators or internet sports betting platform providers response to the findings and recommended corrective action.Mich. Admin. Code R. 432.738
2020 MR 22, Eff. 12/2/2020