The National Indian Gaming Commission offers no-cost IT vulnerability assessment testing for tribes and tribal regulators, which provides a tribal gaming facility with a complete vulnerability analysis of their IT system.
IT vulnerability assessment testing is a high-level tool that assists tribes’ IT security posture relative to its gaming systems and provides a solid baseline for internally mitigating any risk found or to assist in justifying funding for third-party assistance if needed.
IT vulnerability assessment testing consists of two types of tests; external and internal. The external test provides an overview of security vulnerabilities, which are visible from outside the gaming system network. The scan takes into account all security layers on the network between the scanner machine and the target system. The internal network test provides an overview of vulnerabilities, which are visible from the local network, taking into account host-based security controls on the target system.
The services will be performed by a team of two NIGC network engineers on-site who will conduct an Internal network Audit.
The Internal network Audit will include the following items:
- Port scanning of the system and workstations.
- Identify vulnerabilities against a published vulnerability database.
- Identify areas that a potential hacker can gain access.
- Policy identification of the operation has outlined policies; this will identify an employee violating these policies on their workstations.
At the conclusion of the assessment, a detailed technical report will be provided, which summarizes the methods of testing and the results of the tests, which include:
- Scope – A summary of what the overall testing phases and policy review accomplish.
- Approach – A breakdown of the methods and tools used during testing of the internal and wireless network risk audit.
- Findings – A detailed report containing the test results from the internal and wireless network risk audit.
- Recommendations – Identify strengths and weaknesses based on audit findings and policy review. Provide recommendations to help improve areas of concern.
If you’d like to request an Internal Control Assessment in conjunction with your ITVA, find out more information here.
Division of Technology