Published: March 20, 2023

RFP: Multi-State Lottery Association (MUSL): Managed Security Services Provider (MSSP)


Multi-State Lottery Association – Request for Proposal

Date of Issuance: March 17, 2023 - Proposals to RFP Due March 30, 2023

Introduction to MUSL The Multi-State Lottery Association (MUSL) is an unincorporated non-profit government benefit association owned and operated by thirty- eight (38) governmental lotteries (Member Lotteries). MUSL assists both Member Lotteries and additional lotteries licensed to sell multi-jurisdictional lottery games such as Powerball, in the operation and sale of those lottery games. As part of its services to Member Lotteries, MUSL develops and maintains websites for the promotion of these games.

Background MUSL seeks to establish a contract with a Managed Security Services Provider (MSSP) to provide Detection and Response (MDR) services, Security Incident and Event Management (SIEM) services, and Security Operations Center (SOC) services in support of MUSL’s Information Security Policy.

Organizational Context The MUSL Information Technology (MUSL IT) Department provides information technology (IT) services to the business units of MUSL. MUSL IT is responsible for the implementation and ongoing support of MUSL’s IT systems while ensuring that IT services are aligned and in support of MUSL’s business objectives. The MUSL Information Security (MUSL IS) Department provides information security services to the business units of MUSL. MUSL IS provides services and support to meet the needs of all business units within MUSL and ensures the necessary governance controls are in place and policies are followed. The MSSP engaged will provide MDR, SIEM, and SOC as a Service to MUSL in close liaison with MUSL IT and IS.

Operational Context MUSL’s primary purpose is to ensure timely and successful operation of its multi-jurisdictional lottery games. MUSL maintains systems and data that are critical to its operations and must be adequately protected. MUSL wants to ensure strong security at the right cost for its organization through a combination of information, processes and scalable security systems.

Business Objectives MUSL is putting in place strong and consistent security controls to protect its information systems in alignment with its Information Security Policy. The overall objective of this initiative is to enhance the security of its information systems in order to achieve compliance with its own internal policies and in the future, industry recognized cybersecurity frameworks. 2 The implementation of services provided by MDR, SIEM, and SOC solutions in this RFP have been identified as one of the requirements in the Information Security Policy.


© Public Gaming Research Institute. All rights reserved.