Gaming Laboratories International (GLI®) has achieved another milestone, releasing the first and only gaming information security standard, “GLI Gaming Security Framework Module 1 (GLI-GSF-1): Gaming Information Security (GIS) Common Controls Audit.” Now the company has re-released the draft of the module for initial industry-wide comment.

“GLI developed the GSF to address the industry’s strong demand for a comprehensive framework for gaming security,” said Joseph Bunevith, GLI’s Vice President of Government and Regulatory Affairs. “To create the GLI-GSF, we drew on 35 years of knowledge and insights into the gaming industry and conducted a thorough review of global best practices for information security. We worked closely with Bulletproof Solutions and gathered feedback from industry stakeholders to establish this framework for gaming security.”

The draft of the GLI-GSF-1 is provided to industry stakeholders for review and comment. Stakeholders include wagering, gaming and lottery regulators, suppliers, test laboratories, security firms, operators, and industry trade associations. The previous comment period was to familiarize stakeholders with the CIS Controls, while this second comment period will introduce additional common controls specific to the gaming industry, along with Gaming Implementation Group indications.

The comment period is underway and concludes on August 31, 2024. Written comments are encouraged and should be recorded in the comment template linked below and submitted to the “GLI Compliance” mailbox at [email protected].
GLI-GSF-1 v1.0 Public Comment Draft
GLI-GSF-1 v1.0 Comment Template

GLI will process the comments received from industry stakeholders and collaborate as needed to address their interpretation, evaluation, and resolution in the context of the revision to this module.

This module of GLI-GSF sets forth the common controls necessary for auditing a gaming organization. These common controls apply to all forms of gaming, effectively replacing the technical security controls previously established in GLI-27 for land-based gaming operations and, in the near future, will replace the technical security controls previously established in Appendix B of GLI-19 and GLI-33 for interactive gaming and event wagering as other modules are released.

This module of the GLI-GSF integrates the CIS Controls, developed by the Center for Internet Security (CIS), as foundational components to ensure robust security measures across all aspects of gaming operations. The CIS Controls represent a globally recognized set of cybersecurity best practices designed to help organizations bolster their security posture and defend against a wide range of cyber threats. These controls serve as foundational pillars for building a resilient and secure gaming environment, safeguarding against evolving cyber threats, and ensuring the integrity of gaming organizations. The CIS Controls are available for free download at www.cisecurity.org.

Each module in the GLI-GSF is a culmination of industry best practices and is continually updated based on industry feedback. The GLI-GSF was created using a collaborative approach that involved thousands of gaming industry stakeholders. This framework was intended to assist regulators by creating baseline security guidelines that they can adopt and/or utilize as they see fit. In addition to assisting regulators, this framework is of tremendous value to gaming organizations seeking comprehensive guidance and recommendations for enhancing security across all aspects of gaming operations, saving both time and expense.