Virginia Lottery for the year ended June 30, 2022

 

The Virginia Lottery’s (Lottery’s) management needs to strengthen system access controls over its financial accounting and reporting system to ensure individuals’ access adheres to the principle of least privilege.  Additionally, Lottery should dedicate the necessary resources to implement security controls for its Virtual Private Network that meet the requirements of the Security Standard and industry best practices.  Lottery should also update its policies and procedures and implement a process that ensures the consistent tracking and reconciliation of all information technology (IT) assets from purchase to surplus and disposal.  Lastly, Lottery should develop and implement a formal framework for gaining appropriate assurance over outsourced operations that affect its IT environment, sensitive data, or mission-critical processes.