GLI-GSF-4 v1.0: Land-Based Casino Security Controls Under the Gaming Security Framework
GLI-GSF-4 v1.0 defines GIS controls for physical gaming venues: server-area hardening, network segmentation, access devices, and surveillance integration. What compliance teams must implement.
GLI-GSF-4 v1.0, formally titled the Gaming Information Security (GIS) Controls Audit, Land-based Gaming Controls, is the dedicated security framework module that Gaming Laboratories International (GLI) has issued for physical gaming venues: casinos, racetracks, gaming halls, and any other location that delivers gaming devices, table games, bingo, lottery, or event wagering to patrons in person. Published in 2025 under copyright by Gaming Laboratories International, LLC, GLI-GSF-4 builds directly on the common controls established in GLI-GSF-1 v1.1 and adds a focused set of land-based-specific controls, designated with the prefix LGIS (Landbased Gaming Information Security). For compliance teams responsible for physical venues, this is now the primary GLI technical security reference for the gaming production environment (GPE), replacing the technical security tests previously established in GLI-27.
Where GLI-GSF-4 Sits in the GLI Security Framework
The GLI Gaming Security Framework (GLI-GSF) is a modular suite. GLI-GSF-1 v1.1 establishes the common Gaming Information Security (GIS) controls applicable across all gaming types, organised into three Gaming Information Governance tiers (GIG1, GIG2, and GIG3) that calibrate control intensity to enterprise risk and complexity. Each subsequent module extends GLI-GSF-1 for a specific operational context. GLI-GSF-2 addresses the technical security assessment process. GLI-GSF-3 covers non-gaming vendor integrations. GLI-GSF-4 is the land-based module. GLI-GSF-5 is the parallel module for online gaming operations. All five modules are available free of charge at gaminglabs.com.
The GLI-GSF-4 standard states its relationship to the broader suite explicitly: a Gaming Enterprise subject to GLI-GSF-4 must also comply with the Common GIS Controls specified in GLI-GSF-1 for the applicable GIG tier, and, depending on the full scope of the enterprise, additional modules may also apply. A land-based operator that simultaneously runs an online channel must apply both GLI-GSF-4 and GLI-GSF-5. The standard is equally clear about responsibility allocation: it is the responsibility of the multiple entities that make up the Gaming Enterprise to agree among themselves on who is accountable for each control, and GLI-GSF-4 does not prescribe that allocation.
Key Transition: GLI-GSF-4 effectively replaces the technical security tests previously established in GLI-27 for land-based gaming operations. Venues still operating under GLI-27 guidance should map existing controls against the LGIS control set and identify gaps, particularly in the areas of IT Personnel separation (LGIS-3), network default-deny posture (LGIS-8.1), and access device governance (LGIS-5).
What Does GLI-GSF-4 Actually Govern?
GLI-GSF-4 defines its subject as the Gaming Production Environment (GPE): the operational setting where land-based gaming activities and related services are conducted, managed, and delivered to patrons in a live or real-time manner. Critical System Components within the GPE are broadly defined and include: components that record, store, process, share, transmit, or retrieve sensitive data; components that generate, transmit, or process random numbers used to determine game and event outcomes; components that store results or the current state of a patron’s game, wager, or available funds; points of entry to and exit from those components; communications technology and networks transmitting sensitive data; and components providing security services, including authentication servers, access control servers, SIEM systems, physical security systems, surveillance systems, and MFA systems. Components that facilitate segmentation, such as internal network security controls, are also explicitly within scope.
The standard defines Sensitive Data to include audit logs and system databases recording outcome information, accounting and significant event information, RNG seeds, encryption keys, validation numbers associated with patron accounts and wagering instruments, fund transfer records, software packages within the GPE, location data related to employee or patron activity, government identification numbers, personal financial information (credit and debit instrument numbers, bank account numbers), and authentication credentials. This breadth of scope means that a venue’s security governance programme cannot be limited to gaming floor devices alone. Back-office systems, cashier infrastructure, and any network that touches these data categories all fall within GLI-GSF-4’s perimeter.
The LGIS Control Structure: Eight Domains
The land-based-specific controls in GLI-GSF-4 are organised into eight numbered LGIS sections, supplementing the common GIS controls drawn from GLI-GSF-1. The audit under GLI-GSF-4 must be conducted by an Independent Security Firm (ISF) meeting the qualification standards set out in GLI-GSF-1, and the resulting report must identify instances of non-compliance, potential vulnerabilities, and weaknesses, as well as recommendations for improvement. Where the ISF recommends remediation, the Gaming Enterprise must provide the Regulatory Body, and the ISF if required by the Regulatory Body, with a remediation plan and associated risk mitigation plans detailing the actions and schedule.
LGIS-1: Integrity Verification of Critical Control Programs
Under LGIS-1, the Gaming Enterprise must maintain controls for verifying the integrity of Critical Control Programs within the GPE. The standard requires that verification records capture the date and time of verification, a description of the components or configurations verified, details of any discrepancies or failures detected, corrective actions taken and resolution status, and the identity of the individual who initiated the verification when performed on demand. Any failure of integrity verification must trigger notification to the Gaming Enterprise without delay. Where the Regulatory Body requires it, failures must also be reported to the Regulatory Body without undue delay.
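One way to produce a verification record with the fields listed above, as an added example rather than anything taken from the standard or from GLI. It assumes integrity is checked by comparing SHA-256 digests against an approved list; the field names, component names, and the `notify` hook are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_integrity(approved, installed, initiated_by=None, notify=None):
    """Check deployed programs against approved digests and build the record.

    approved:     {component name: approved SHA-256 hex digest}
    installed:    {component name: bytes currently deployed}
    initiated_by: identity of the person running an on-demand check,
                  or None for a scheduled run
    notify:       callable that receives the record when any check fails
    """
    discrepancies = []
    for name, expected in sorted(approved.items()):
        data = installed.get(name)
        if data is None:
            discrepancies.append({"component": name, "failure": "missing"})
            continue
        observed = sha256_hex(data)
        if not hmac.compare_digest(observed, expected):
            discrepancies.append({"component": name,
                                  "failure": "digest mismatch",
                                  "observed": observed})
    # A program that is deployed but was never approved is also a failure.
    for name in sorted(set(installed) - set(approved)):
        discrepancies.append({"component": name,
                              "failure": "not in approved list"})

    record = {
        "verified_at": datetime.now(timezone.utc).isoformat(),
        "trigger": "on-demand" if initiated_by else "scheduled",
        "initiated_by": initiated_by,
        "components_verified": sorted(approved),
        "discrepancies": discrepancies,
        "corrective_action": None,  # filled in by the person who resolves it
        "resolution_status": "open" if discrepancies else "not required",
    }
    if discrepancies and notify is not None:
        notify(record)  # failure notification goes out with the record
    return record


# Constructed sample data: stand-ins for approved and deployed binaries.
APPROVED = {
    "game_engine.bin": sha256_hex(b"engine build A"),
    "rng_service.bin": sha256_hex(b"rng build A"),
}
INSTALLED = {
    "game_engine.bin": b"engine build A",
    "rng_service.bin": b"rng build A, patched on site",
    "debug_shell.bin": b"left behind after troubleshooting",
}

if __name__ == "__main__":
    alerts = []
    rec = verify_integrity(APPROVED, INSTALLED, "tech.audit01", alerts.append)
    for d in rec["discrepancies"]:
        print(d["component"], "->", d["failure"])
    print("status:", rec["resolution_status"], "| alerts sent:", len(alerts))
```
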
LGIS-2: System Procedures
LGIS-2 addresses detection and response to master reset events and copy protection. The Gaming Enterprise must establish controls to detect, identify, and respond to any occurrence of a master reset on a Critical System Component, and each such event must be logged with a timestamp, relevant component identification, and user context. Copy protection preventing unauthorised duplication or modification of licensed software, including Critical Control Programs, may be implemented as a control at the Gaming Enterprise’s discretion.
LGIS-3: IT Personnel Separation Controls
LGIS-3 establishes a set of hard prohibitions on IT Personnel that directly addresses the fraud and integrity risk of combining technical access with financial authority. IT Personnel must be restricted from accessing or handling financial instruments, liquid financial assets, or wagering instruments in any form. They may not access or revise accounting records and audit documentation. They may not initiate, authorise, or approve entries in general or subsidiary ledgers. They may not access payout forms or other instruments representing patron value.
“IT Personnel may not have signatory authority over financial instruments (e.g., cash, wagering instruments, or equivalents) and payout forms or other instruments representing player value.”
Additionally, IT Personnel must be precluded from unauthorised access to server consoles and user terminals located within gaming areas, source documents such as original accounting records, and live production data files, except where specifically authorised for testing or troubleshooting. Access to test data in non-production environments is permitted under controlled conditions established by the Gaming Enterprise (LGIS-3.2.5). These controls prevent IT staff from combining systems knowledge with the ability to manipulate financial records or gaming outcomes, a separation of duties requirement familiar from Minimum Internal Control Standards (MICS) frameworks maintained by regulators such as the Nevada Gaming Control Board, the New Jersey Division of Gaming Enforcement (DGE), and the Pennsylvania Gaming Control Board (PGCB).
Secured Server Areas and Physical Infrastructure (LGIS-4 and LGIS-5)
LGIS-4 governs the physical security of the server areas and data closets that house Critical System Components and non-gaming IT infrastructure. All locally installed Critical Control Components and non-gaming IT infrastructure must be housed in secured server areas or data closets. The standard requires that access to those areas be restricted to authorised personnel only, with an access log or record maintained and reviewed periodically.
LGIS-5 extends this to access device governance. Access devices used to enter secured server areas or data closets, whether magnetic swipe cards, proximity cards, or embedded chip cards, must be uniquely numbered and assigned, and must be controlled and managed by personnel independent of IT operations and gaming functions. That independence requirement means the team that issues, revokes, and audits physical access credentials cannot be the same team that relies on those credentials for operational access. The Gaming Enterprise must maintain documentation of each type of access device, the functions it controls, and the job positions authorised to hold it. The GIS Policy must clearly assign responsibility for issuance, revocation, and auditing of access devices.
Each access device must be assigned only to personnel who need it to perform their job duties and may only be used by the person to whom it is assigned. Where an access device can be used at multiple Gaming Venues, it must be treated as a sensitive key under LGIS-5.2.6, a provision with direct implications for multi-property operators managing shared credential infrastructure across a casino portfolio.
Source: Gaming Laboratories International, GLI-GSF-4 Gaming Information Security (GIS) Controls Audit, Land-based Audit v1.0, LGIS-4 and LGIS-5 (Copyright 2025, Gaming Laboratories International, LLC). Available free at gaminglabs.com.
Logical Access Controls and Session Security (LGIS-6)
LGIS-6 governs logical access management within the venue environment, addressing how systems authenticate users and devices and how sessions are secured when unattended.
Where the Gaming Enterprise employs automated equipment identification mechanisms, those mechanisms must be fully documented, including the identification method, the authorised equipment list, and associated access rights. They must be integrated into the organisation’s logical access control procedures and included in periodic reviews of user access rights and system privileges to confirm that access remains appropriate. They must also support non-repudiation by associating system access with both the authenticated user and the verified equipment (LGIS-6.2.2). This requirement is directly relevant to venues deploying cashless gaming systems, electronic table game interfaces, or kiosk-based patron account management, where a device authenticating on behalf of a patron or employee must be traceable back to an identified, authorised individual.
Session locking under LGIS-6.3 requires that server consoles, workstations, user terminals, portable electronic devices (including electronic tablets and portable terminals), and kiosks within the Gaming Venue automatically secure themselves after a defined period of inactivity. The period of inactivity must be determined by management through a risk assessment and documented within the GIS Policy. For portable electronic devices and kiosks, the GIS Policy must specify the system functions available on or through the device, the controls over user access to those functions, and the procedures for re-authentication following a lockout event.
Gaming Venue Network Security (LGIS-8): Default-Deny Architecture
LGIS-8 is the section most likely to require significant re-engineering at venues that have grown their gaming floor networks incrementally over many years. It establishes a default-deny posture for Critical System Component connectivity.
“The default condition for Critical System Components must be un-enrolled and disabled. Only enrolled and enabled Critical System Components may participate in gaming operations.”
LGIS-8.1 requires that only authorised equipment be permitted to establish communications between any Critical System Components. The Gaming Enterprise must provide a method to perform mutual authentication ensuring that authorised equipment communicates only with valid networks, to enroll and un-enroll Critical System Components, and to enable and disable specific components. The establishment, loss, and reestablishment of communications between Critical System Components must be recorded in an audit log (LGIS-8.1.5).
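The enrolment states and the communications audit trail described above can be modelled as follows. This is an added sketch, not code from the standard or from any gaming system vendor: the class, event names, and component IDs are hypothetical, and mutual authentication of the peers is assumed to have succeeded before `connect` is called.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Component:
    component_id: str
    enrolled: bool = False  # default condition: un-enrolled
    enabled: bool = False   # default condition: disabled


class GpeRegistry:
    def __init__(self):
        self.components = {}
        self.links = {}      # frozenset({a, b}) -> "up" or "down"
        self.audit_log = []

    def _log(self, event, **detail):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit_log.append({"at": stamp, "event": event, **detail})

    def set_state(self, component_id, enrolled, enabled):
        c = self.components.setdefault(component_id, Component(component_id))
        c.enrolled = enrolled
        c.enabled = enrolled and enabled  # never enabled while un-enrolled
        self._log("state_change", component=component_id,
                  enrolled=c.enrolled, enabled=c.enabled)
        if not self.may_participate(component_id):
            for link in [l for l in self.links if component_id in l]:
                self._drop(link, "peer un-enrolled or disabled")

    def may_participate(self, component_id):
        c = self.components.get(component_id)  # unknown equipment -> None
        return bool(c and c.enrolled and c.enabled)

    def connect(self, a, b):
        link = frozenset((a, b))
        if not (self.may_participate(a) and self.may_participate(b)):
            self._log("communication_refused", peers=sorted(link))
            return False
        if self.links.get(link) != "up":
            seen = link in self.links
            self.links[link] = "up"
            self._log("communication_reestablished" if seen
                      else "communication_established", peers=sorted(link))
        return True

    def report_loss(self, a, b, reason="link down"):
        self._drop(frozenset((a, b)), reason)

    def _drop(self, link, reason):
        if self.links.get(link) == "up":
            self.links[link] = "down"
            self._log("communication_lost", peers=sorted(link), reason=reason)


def demo():
    """Constructed scenario; the component IDs are made up."""
    reg = GpeRegistry()
    reg.connect("cms-01", "egm-117")                # refused: never enrolled
    for cid in ("cms-01", "egm-117"):
        reg.set_state(cid, enrolled=True, enabled=True)
    reg.connect("cms-01", "egm-117")                # established
    reg.report_loss("cms-01", "egm-117")            # lost
    reg.connect("cms-01", "egm-117")                # reestablished
    reg.set_state("egm-117", enrolled=False, enabled=False)  # drops the link
    reg.connect("cms-01", "egm-117")                # refused again
    return [e["event"] for e in reg.audit_log]
```
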
For Electronic Gaming Equipment (EGE), LGIS-8.2 requires that devices not be connected to their respective Gaming Systems via insecure or unauthorised network connections. Regular audits of EGE network connections and configurations must be performed, and any deviation from approved connection methods must be documented and justified. This control directly interfaces with the GLI-11 v3.0 certification requirements for individual gaming devices: a gaming device that passes GLI-11 certification for its internal logic and game integrity is still subject to the venue-level LGIS-8.2 requirements for how it is connected to the casino management system (CMS) and the wider gaming floor network.
Wireless Infrastructure Controls (LGIS-8.3 and LGIS-8.4)
LGIS-8.3 and LGIS-8.4 address wireless access points (WAPs) and wiring distribution points (WDPs) as specific physical and logical attack surfaces within the gaming venue. WAPs and WDPs must be protected against direct physical access by the general public. Physical locks, tamper-evident seals, or port blockers must be used on unused WDPs (LGIS-8.4.4). The surveillance system must provide coverage for WAPs, WDPs, and other publicly accessible locations in the Gaming Venue that provide network connectivity (LGIS-8.4.5). This provision creates a direct and explicitly stated dependency between the physical surveillance infrastructure and the network security controls: the CCTV or equivalent surveillance system is part of the security architecture for the network, not a separate compliance stream.
Surveillance Integration as a Security Control
The surveillance requirement in LGIS-8.4.5 reflects a broader principle in GLI-GSF-4 that physical and logical security are not separate compliance domains but overlapping ones. Physical security systems, including CCTV, electronic access control readers, and intrusion detection, are explicitly listed as Critical System Components within the GPE definition. This means that the surveillance infrastructure itself is subject to the same integrity, access control, and audit requirements as gaming devices and back-office servers. Surveillance system configurations must be protected, access to surveillance footage and management systems must be role-based and logged, and any failure or compromise of the surveillance system falls within the GIS incident taxonomy.
The GIS incident taxonomy under GLI-GSF-4 captures events including unauthorised access to sensitive data or Critical System Components, malicious code execution or ransomware infection within the GPE, loss or unauthorised disclosure of personally identifiable information (PII), system outages or disruptions affecting the integrity or availability of gaming operations for a defined period (the standard references 15 minutes as a threshold), detection of tampering with gaming software or hardware, repeated failed login attempts indicative of brute-force attacks, compromise or misuse of administrative credentials or security certificates, and security configuration changes made outside authorised change management processes. Each of these categories applies to the surveillance infrastructure just as it does to gaming floor systems.
Operational note: Venues that treat their CCTV infrastructure as an independent operational security system, managed outside the GIS Policy and without the audit logging, access controls, or incident response procedures applied to gaming floor IT, will have a compliance gap under GLI-GSF-4. The GIS Policy must cover physical security systems as Critical System Components.
How GLI-GSF-4 Works Alongside GLI-11
GLI-11 v3.0 is GLI’s gaming devices standard, covering the certification pathway for slot machines, electronic gaming machines (EGMs), and related device-level hardware and software. GLI-11 addresses game logic, RNG implementation, display requirements, accounting meter integrity, and the device-level technical parameters that a Regulatory Body typically mandates for type approval. GLI-GSF-4, by contrast, addresses the security of the environment in which those devices operate.
The two standards operate at different layers. A gaming device may carry a GLI-11 certification confirming that its internal software is approved and its meters are accurate, but that certification does not cover how the device is connected to the gaming floor network, how access to the server managing that device is controlled, how the physical server room is protected, or how audit logs from the device are handled at the venue level. GLI-GSF-4 governs all of those environmental controls. Similarly, GLI-13 v3.0, which covers Monitoring and Control Systems and Validation Systems, explicitly recommends adherence to the GLI-GSF for the security controls applicable to the gaming production environment. GLI-13 notes that the GLI-GSF defines the technical security controls and testing requirements assessed during evaluations, including operational process reviews and penetration testing. A complete compliance programme for a land-based gaming venue requires both a certified device base (GLI-11, GLI-13) and a certified security environment (GLI-GSF-4 read alongside GLI-GSF-1). Compliance teams that separate device certification from environmental security governance create a structural gap that Regulatory Bodies are increasingly positioned to identify during audit.
For compliance professionals familiar with the GLI Certification hub, the broader trajectory is clear: the GLI-GSF is positioning itself as the unified security layer across all GLI product standards, with GLI-GSF-4 filling the land-based-specific gap that GLI-27 previously addressed, and future modules expected to absorb the security appendices from GLI-19 and GLI-33 for interactive and event wagering contexts. Teams managing ISO/IEC 27001 programmes alongside GLI-GSF obligations will find that the control taxonomy in GLI-GSF-1 (which draws on the CIS Controls framework) maps reasonably well onto ISO 27001 Annex A controls, but the gaming-specific extensions in GLI-GSF-4, particularly the IT Personnel separation requirements and the network default-deny posture, go beyond what a generic ISMS would prescribe. A fuller treatment of how ISO 27001 interacts with gaming-specific security frameworks appears in our analysis of ISO/IEC 27001 in iGaming: Why Most Compliance Teams Get It Wrong.
Regulatory Adoption and the Path to Requirement
GLI-GSF-4 may be adopted in whole or in part by any Regulatory Body that wishes to implement a comprehensive set of GIS Controls for land-based gaming, in conjunction with the Common GIS Controls from GLI-GSF-1. The standard does not mandate itself: adoption depends on individual jurisdictions incorporating GLI-GSF-4 into their licence conditions, minimum internal control standards, or technical certification requirements. Regulatory Bodies in North American markets, including those administered by state and tribal gaming commissions, and gaming regulators in Latin American markets where GLI standards are referenced, such as under Coljuegos in Colombia and the framework emerging under Brazil’s Bets Act, are the natural early adopters. In European regulated markets, where ISO/IEC 27001 and jurisdiction-specific technical standards such as the KSA’s Gaming System Assessment Scheme v2.1 in the Netherlands have historically carried more regulatory weight than GLI certifications for online operations, the uptake of GLI-GSF-4 for land-based venues will follow the pace at which Regulatory Bodies formally reference it.
Compliance teams at Gaming Enterprises should not wait for formal adoption. The LGIS controls represent current industry consensus on what adequate land-based gaming security requires, covering the IT Personnel separation rules, the default-deny network posture, the access device independence requirements, and the surveillance-as-security-component framing. Regulators conducting gaming production environment assessments, whether they formally cite GLI-GSF-4 or not, will increasingly measure findings against this standard as a benchmark. Gaming Enterprises that have pre-mapped their environments against the LGIS control set will be better positioned to demonstrate compliance during regulatory examinations and to respond coherently to remediation requests. Qualified legal counsel should be consulted on how any given Regulatory Body has adopted or referenced GLI-GSF-4 within its specific licensing and technical requirements.
Key Resources
GLI-GSF-4 Gaming Information Security (GIS) Controls Audit, Land-based Audit v1.0, Gaming Laboratories International, LLC (Copyright 2025). Available free at gaminglabs.com/gli-standards.
GLI-GSF-1 Gaming Information Security (GIS) Controls Audit v1.1, Gaming Laboratories International, LLC. The common controls baseline that GLI-GSF-4 extends. Available at the same URL.
GLI-11 Gaming Devices v3.0, Gaming Laboratories International, LLC. The device-level certification standard that operates alongside GLI-GSF-4 for gaming floor hardware. Available at gaminglabs.com/gli-standards.
GLI-13 Standards for Monitoring and Control Systems and Validation Systems v3.0, Gaming Laboratories International, LLC. Recommends GLI-GSF adherence for casino management system security assessments. Available at gaminglabs.com/gli-standards.
Matt Denney
Editorial · gamingcompliance.io
Reads the primary source so you don't have to. Fifteen years inside iGaming compliance: operator, supplier, and crown-corporation lottery.