Amendment #1381 to H3900

Gaming Industry Data Security

Mr. Cassidy of Brockton moves to amend the bill by adding the following section:

“SECTION XXXX. The Massachusetts Gaming Commission shall by regulation establish a requirement for redundancy of data security with multi-layered approach on mobile applications and web applications to reduce harm to consumers.  Utilization of a Federal Information Processing Standard (FIPS) 140-3 validated technology that goes beyond the security of standard encryption to reduce the attack surface and mitigate known vulnerabilities caused by zero-day attacks, man-in-the-middle attacks, injection attacks, packet inspection, pattern recognition, credential stuffing and other elements of nefarious activity used to disrupt the integrity and trust in the data communication from the consumer to the Gaming Operator”.