ARSD 20:18:35.01:08
The full independent information technology security professional's report on the assessment must be submitted to the executive secretary no later than 30 days after the assessment is conducted and must include:
(6) The licensee’s or sports wagering services provider’s response to the findings and recommended corrective action.
Where approved by the executive secretary, it is acceptable for the independent information technology security professional to leverage the results of prior assessments within the past year conducted by the same professional against standards from the International Organization for Standardization, the International Electrotechnical Commission, the National Institute of Standards and Technology, the Payment Card Industry, or equivalent. Such leveraging shall be noted in the professional’s report. Components unique to the state must be given fresh assessments.
Source: 48 SDR 14, effective August 22, 2021 .
General Authority: SDCL 42-7B-7 , 42-7B-11 (13).
Law Implemented: SDCL 42-7B-2.1 (1), 42-7B-43 .