A police officer stands in front of the closed Las Vegas Strip next to the site of the Route 91 music festival mass shooting outside the Mandalay Bay Resort and Casino in Las Vegas, Nevada, October 3, 2017.

Stadiums, corporate buildings and other facilities that draw crowds have strengthened their security since 9/11, and in return, they have earned U.S. protections in the event their efforts fail to prevent a terrorist attack and they are sued. But hotels have not received the same safeguards.

Las Vegas' world-famous casino-resorts have long been known to be of interest to terrorists, but the constant flow of people may pose a challenge to earning liability protections under a little-known federal law, an expert said. For the first time, the law is at the center of a legal battle after MGM Resorts International invoked it to sue hundreds of victims of the deadliest shooting in modern U.S. history to avoid paying out for lawsuits.

The law was enacted in 2002 to urge development and use of anti-terrorism technologies by providing companies a way to limit liability if their federally vetted and approved products or services don't prevent an attack. The U.S. Department of Homeland Security has certified hundreds of security systems, software and equipment, ranging from unarmed guards at shopping malls to flight deck doors.

A publicly available database of all federally approved security technologies does not list hospitality companies. Homeland Security does not disclose what companies have sought approvals and were denied.

The Associated Press asked four of the largest casino operators — MGM Resorts International, Caesars Entertainment, Wynn Resorts and Las Vegas Sands — whether they have applied for certifications. Only MGM offered a general comment.

"MGM Resorts' security teams work closely with federal, state and local law enforcement and we follow FBI and DHS standards and training for a variety of situations, including terrorism," spokeswoman Debra DeShong said in a statement. "When necessary to engage contract security vendors, we seek out the best security services available for the given event and location."

A high-stakes gambler opened fire from the windows of a room at MGM's Mandalay Bay casino-resort last year, killing 58 people at a concert whose contractor-provided security was federally certified.

Casino operators interested in earning federal approvals would have to show the government that security at their properties not only seeks out gambling cheaters but also signs of terrorism, said attorney Brian Finch, who has helped dozens of clients get their systems certified. He said companies can delineate what part of their property they want to get certified, whether it is only the casino floor, hotel tower or convention center.

"A lot of those cameras are anti-theft and anti-cheating," Finch said. "What they would have to show is that those cameras are equally useful for terrorist threats, such as identifying knife fights or someone trying to put something on their ventilation system."

Not every hotel may qualify for federal approvals, Finch said, but high-profile properties may be eligible given the efforts companies make to protect their assets and guests. The challenge faced by the hospitality industry is that unlike at a concert venue, people are constantly coming and going, he said.

Casino security experts told the AP that security personnel at Las Vegas casino-resorts already look for signs of terrorism, not just gambling-related issues, and work closely with authorities to identify best practices. The security chiefs of virtually all the large casino operators also meet regularly.

"It really doesn't matter what the crime is, whether it is terrorism or somebody who is looking to rob a guest or burglarize a hotel room, that's what they are looking for," said Robert Gardner, a security and crime prevention adviser. "And there are common indicators to all of those. What it boils down to is things and activities that look out of place."

Getting security systems federally approved is free, but the process is stringent. Finch said he often tells prospective applicants that their technologies are not ready.

Companies are able to seek the approval for only some of their properties.

For example, Brookfield Office Properties, a commercial real estate company with properties across North America, has held a certification since 2013 for a set of policies and procedures to deter, delay and mitigate terrorist activity at the World Financial Center shopping and office building complex in New York.

In recent years, stadiums nationwide have been seeking U.S. sign-off. Little Caesars Arena in Detroit and Citi Field in New York are among the most recent approvals.

Contemporary Services, which provides security services across the U.S., including at Super Bowls, was responsible for MGM's outdoor concert venue on the Las Vegas Strip where the victims were shot Oct. 1.

Less than six months before, a set of CSC's "enhanced, customer-driven activities, including physical security, access control and crowd management" were certified by Homeland Security. Now, MGM is using that certification to argue that it has no liability to survivors or families of slain victims.

Some experts on the federal law disagree with MGM's interpretation of it. And the company's lawsuits led Homeland Security to say its secretary "possesses the authority to determine whether an act was an 'act of terrorism'" under the law, and it "has not made any such determination regarding" the shooting.

Finch said the Las Vegas mass shooting and similar incidents may lead hotel operators and other companies to consider looking into the protections offered under the Support Anti-terrorism by Fostering Effective Technologies Act of 2002.

"The incentive is the liability protection if something terrible happens," he said.