IT Vulnerability Assessment

The National Indian Gaming Commission offers no-cost IT vulnerability assessment testing for tribes and tribal regulators, which provides a tribal gaming facility with a comprehensive vulnerability analysis of their IT systems and operational processes.

IT vulnerability assessment testing is a high-level tool that assists requesting tribes with valuable insight into their IT security posture relative to its gaming systems and operational processes.  The engagement provides a solid baseline for internally mitigating any risks identified or to assist in justifying funding for third-party assistance if needed. 

IT vulnerability assessment testing consists of external and internal testing. The external test scans and detects security vulnerabilities visible from outside of the gaming system network. The scan considers all security layers on the network between the scanner machine and the target system. The internal network test provides an overview of vulnerabilities visible from inside the local gaming system network, considering host-based security controls on the target system.

The services will typically be performed on-site by a team of two NIGC network engineers who will conduct the network assessments.

The internal network assessment will include the following activities:

• Network level port scanning of the system and workstations.
• Identification of vulnerabilities against a published national vulnerability database.
• Identify areas of weaknesses that a potential hacker can leverage to gain access.
• Policy review and operational testing and validation to identify policy violations by employees.

At the conclusion of the assessment, a detailed technical report will be provided summarizing the methods of testing and the results of the tests, which include:

• Scope – Defined targets, goals, and objectives of the overall testing phases and policy review.
• Approach – A breakdown of the methods and tools used during the testing of the internal systems and networks to conduct the risk assessment.
• Findings – A detailed report containing the test results from the assessment with identified risks and weaknesses will be generated.
• Recommendations – Identification of strengths and weaknesses based on assessment findings and policy review presented for the tribe’s review. Provide recommendations to help improve areas of concern.

If you would like to request an ITVA to include requesting an Internal Control Assessment in conjunction with your ITVA, find out more information here.

Contact

Division of Technology
Email: itsupport@nigc.gov