EGS Gaming at Pari-Mutuel Wagering Facilities must at a minimum utilize an On-Line Monitoring System that maintains all financial and security data. The rules outlined within this section apply to all Critical Systems (systems that have an effect on the integrity of EGS Gaming).
25.1 Phases of System Testing
All Critical Systems must endure the following phases of tests:
(a) Phase I - Within the laboratory setting; and
(b) Phase II - On-site following the initial install of the system to ensure proper configuration of the equipment and installation of the security applications.
25.2 Interface Elements
An Interface Element, where applicable, is any component within a system that is external to the operations of the EGS that assists in the collection and processing of data that is sent to a system. All critical Interface Elements shall:
(a) Be installed in a secure area (which may be inside an EGS).
(b) The Interface Element setup/Configuration menu(s) must not be available unless using an authorized access method.
(c) When not directly communicating with EGS meters, the Interface Element must maintain separate electronic meters, of sufficient length, to preclude the loss of information from meter rollovers, or a means to identify multiple rollovers, as provided for in the connected EGS. These electronic meters should be capable of being reviewed on demand at the Interface Element level via an authorized access method.
(d) The Interface Element must retain the required information after a power loss for a minimum of 30 days. If this data is stored in volatile RAM, a Battery Backup must be installed within the Interface Element.
(e) If unable to communicate the required information to the On-Line Monitoring System, the Interface Element must provide a means to preserve all mandatory meter and Significant Event information until such time as it can be communicated to the On-Line Monitoring System. EGS operation may continue until critical data is overwritten and lost. There must be a method to check for corruption of the above data storage locations.
(f) The Interface Element must allow for the association of a unique identification number to be used in conjunction with an EGS file on the On-Line Monitoring System. This identification number will be used by the On-Line Monitoring System to track all mandatory information of the associated EGS. Additionally, the On-Line Monitoring System should not allow for a duplicate EGS file entry of this identification number.
(g) An On-Line Monitoring System may possess a Front End Processor (FEP) that gathers and relays all data from the connected Data Collectors to the associated database(s). The Data Collectors, in turn, collect all data from connected EGS. Communication between components must use a defined Communication Protocol(s) and function as indicated by the Communication Protocol(s). An On-Line Monitoring System must provide for the following:
i. All critical data Communication shall be Protocol based and/or incorporate an error detection and correction scheme to ensure an accuracy of ninety-nine percent (99%) or better of messages received; and
ii. All critical data Communication that may affect revenue and is unsecured either in transmission or implementation shall employ encryption. The encryption Algorithm shall employ variable keys or similar methodology to preserve secure Communication.
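The rollover requirement in 25.2(c) can be illustrated with a short added example (not part of the rule text): a fixed-width meter that also counts its own rollovers lets the On-Line Monitoring System reconstruct the true increment after a communication outage, while the wrapped value alone loses every full wrap beyond the first. The 4-digit width, the names and the sample amounts are assumptions made for the illustration.

```python
# Added example. The 4-digit width and all names here are assumptions.

class RolloverMeter:
    """Fixed-width electronic meter that also counts its own rollovers."""

    def __init__(self, digits: int):
        self.modulus = 10 ** digits
        self.value = 0        # what a fixed-width register holds
        self.rollovers = 0    # the "means to identify multiple rollovers"

    def add(self, amount: int) -> None:
        if amount < 0:
            raise ValueError("meters only count upward")
        wraps, self.value = divmod(self.value + amount, self.modulus)
        self.rollovers += wraps

    def snapshot(self) -> tuple:
        return (self.value, self.rollovers)


def naive_delta(prev, cur, modulus):
    """Increment inferred from the wrapped values alone (at most one wrap)."""
    return (cur[0] - prev[0]) % modulus


def true_delta(prev, cur, modulus):
    """Increment reconstructed using the rollover counter as well."""
    return (cur[1] - prev[1]) * modulus + (cur[0] - prev[0])


def outage_scenario():
    """Constructed data: the host polls, loses the link, then polls again."""
    meter = RolloverMeter(digits=4)
    meter.add(9_990)
    before = meter.snapshot()
    for amount in (30, 10_000, 15_000):   # activity while the link is down
        meter.add(amount)
    after = meter.snapshot()
    return (before, after,
            naive_delta(before, after, meter.modulus),
            true_delta(before, after, meter.modulus))


if __name__ == "__main__":
    print(outage_scenario())
```

In this constructed scenario the wrapped values alone account for 5,030 units, while the rollover counter recovers the full 25,030 that were metered during the outage.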
25.3 System Server(s)
The System Server(s), networked system(s) or distributed system(s) that direct the overall operation, together with the associated Database(s) that store all entered and collected system information, are considered the ‘Server’. In addition, the Server shall:
(a) Maintain an internal clock that reflects the current time in 24-hr format and date that shall be used to provide for the following:
i. Time stamping of Significant Events, Section 24.57;
ii. Reference clock for reporting; and
iii. Time stamping of Configuration changes.
iv. If multiple clocks are supported, the On-Line Monitoring System shall have a facility whereby it is able to update those clocks in On-Line Monitoring System components where conflicting information could occur.
25.4 Remote Access Requirements
If supported, System(s) may utilize password controlled remote access, provided the following requirements are met:
(a) A ‘Remote Access User Activity’ log is maintained depicting logon name, time/date, duration, activity while logged in;
(b) No unauthorized remote user administration functionality (adding users, changing permissions, etc.);
(c) No unauthorized access to Database other than information retrieval using existing functions;
(d) No unauthorized access to operating system; and
(e) If remote access is to be on a continuous basis, then a Network filter (firewall) should be installed to protect access.
25.5 Security Access Control
The On-Line Monitoring System must support either a hierarchical role structure whereby user and password define program or individual menu item access or logon program/device security based strictly on user and password or PIN. In addition, the On-Line Monitoring System shall not permit the alteration of any significant log information communicated from the EGS. Additionally, there should be a provision for system administrator notification and user lockout or audit trail entry, after a set number of unsuccessful login attempts.
25.6 Data Alteration
The On-Line Monitoring System shall not permit the alteration of any accounting or significant event log information that was properly communicated from the EGS without supervised access controls. In the event financial data is changed, an audit log must be capable of being produced to document:
(a) Data element altered;
(b) Data element value prior to alteration;
(c) Data element value after alteration;
(d) Time and Date of alteration; and
(e) Personnel that performed alteration (user login).
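As an added illustration of 25.6 (not part of the rule text), the sketch below records the five items (a) through (e) for each alteration and links the entries with a SHA-256 hash chain so that a later edit to the audit log itself can be detected. The hash chain, the field names and the sample records are assumptions; the rule only lists what the log must document.

```python
# Added example. Field names and the hash chain are assumptions, not rule text.
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64
FIELDS = ("element", "before", "after", "timestamp", "user")   # items (a)-(e)


def entry_digest(body: dict, prev_hash: str) -> str:
    """Hash of one entry's five fields, bound to the previous entry's hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class AlterationAuditLog:
    def __init__(self):
        self.entries = []

    def record(self, element, before, after, timestamp, user) -> dict:
        body = dict(zip(FIELDS, (element, before, after, timestamp, user)))
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {**body, "prev": prev, "hash": entry_digest(body, prev)}
        self.entries.append(entry)
        return entry

    def first_bad_entry(self) -> Optional[int]:
        """Index of the first entry that breaks the chain, or None if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: entry[k] for k in FIELDS}
            if entry["prev"] != prev or entry["hash"] != entry_digest(body, prev):
                return i
            prev = entry["hash"]
        return None


def sample_log() -> AlterationAuditLog:
    """Constructed records: two supervised corrections to financial data."""
    log = AlterationAuditLog()
    log.record("egs[1042].coin_in", 125000, 125500,
               "2024-03-01T14:05:09", "supervisor_a")
    log.record("egs[1042].jackpot_paid", 0, 1200,
               "2024-03-01T14:07:41", "supervisor_a")
    return log
```

A chain like this only shows tampering if the most recent hash is also kept somewhere the person altering the log cannot rewrite, such as a redundant copy of the log.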
25.7 System Back-Up
The System(s) shall have sufficient redundancy and modularity so that if any single component or part of a component fails, gaming can continue. There shall be redundant copies of each log file or system Database or both, with open support for Backups and restoration.
25.8 Recovery Requirements
In the event of a catastrophic failure when the System(s) cannot be restarted in any other way, it shall be possible to reload the system from the last viable Backup point and fully recover the contents of that Backup, recommended to consist of at least the following information:
(a) Significant Events, Section 24.57;
(b) Accounting information;
(c) Auditing information; and
(d) Specific site information such as device file, employee file, progressive set-up, etc.
25.9 Downloading of Interface Element Control Programs
If supported, a System may utilize writable program storage technology to update Interface Element software if all of the following requirements are met:
(a) Writable program storage functionality must be, at a minimum, password-protected, and should be at a supervisor level. The System can continue to locate and verify versions currently running but it cannot load code that is not currently running on the system without user intervention;
(b) A non-alterable audit log must record the time/date of a writable program storage download and some provision must be made to associate this log with which version(s) of code was downloaded, and the user who initiated the download. A separate Download Audit Log Report would be ideal;
(c) All modifications to the download executable or other file(s) must be submitted to the Test Laboratory for approval. The laboratory will assign signatures to any relevant executable code and file(s) that should be verified by a regulator in the field. Additionally, all downloadable files must be available to a regulator to verify the signature; and
(d) The system must have the ability to verify the program on demand for regulatory audit purposes.
The above refers to loading of new system executable code only. Other program parameters may be updated as long as the process is securely controlled and subject to audit. The parameters will have to be reviewed on an individual basis.
25.10 Self Monitoring of Gaming System Servers
The Systems must implement self monitoring of all critical Interface Elements (e.g. Central hosts, network devices, firewalls, links to third parties, etc.) and shall have the ability to effectively notify the system administrator of the condition, provided the condition is not catastrophic.