Pennsylvania Code
Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Code website reflects the Pennsylvania Code changes effective through 54 Pa.B. 488 (January 27, 2024).

58 Pa. Code § 809a.8. Security policy requirements.

§ 809a.8. Security policy requirements.

 Interactive gaming certificate holders and interactive gaming operators shall adopt and maintain a Board-approved information security policy which describes the certificate holder’s or licensee’s approach to managing information security and its implementation. This policy is required in addition to any similar requirements that may be imposed as part of the certificate holder’s or licensee’s internal controls. The information security policy must:

   (1)  Conform to the standards of the most recent version of the NIST cybersecurity framework.

   (2)  Be reviewed annually as well as when significant changes occur to the interactive gaming system or the processes which alter the risk profile of the interactive gaming system.

   (3)  Be approved annually by the certificate holder’s or operator’s management.

   (4)  Be communicated to all employees and relevant external parties.

   (5)  Delineate the responsibilities of the certificate- holder’s or licensee’s staff and the staff of any third parties for the operation, service and maintenance of the interactive gaming system and its components.


No part of the information on this site may be reproduced for profit or sold for profit.


This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.