Current through Register Vol. 54, No. 44, November 2, 2024
(a)
Definitions. The following words and terms, when used in this
chapter, have the following meanings, unless the context clearly indicates
otherwise:
Computer access or logical access-The
ability of a person or process to obtain information from, or execute an action
in, a slot computer system in accordance with privileges established by a slot
machine licensee. The privileges shall be specified by an approved level of
computer access.
Firewall-
(i) Dedicated computer hardware, software and
the related security policy that protects a slot computer system, its software
and data from access by other computer systems and users not specifically
authorized to access the slot computer system, its software or data through
procedures such as monitoring and analyzing all data packets on a real-time
basis and automatically rejecting all unauthorized communications.
(ii) The term includes, without limitation,
logging and reporting, automatic alarms and a user interface for controlling
the firewall.
Level of computer access-
(i) The particular privileges granted to a
person in a slot computer system by a slot machine licensee, such as read,
modify and execute.
(ii) The
privileges shall vary by slot computer system program, process, library or
directory, according to the following:
(A)
Position title and job code, for an employee of the slot machine
licensee.
(B) Responsibilities and
functions authorized to be performed, for any person not employed by the slot
machine licensee.
Slot computer system-All aspects of a
computer system which the act, this part or any technical standards adopted by
the Board either require or permit to be utilized by a slot machine licensee in
the conduct of, or monitoring of, slot machine operations including hardware,
software and network interfaces used in connection with the operation of a slot
monitoring system, casino management system, player tracking system, external
bonusing system, cashless funds transfer system and gaming voucher system. A
slot computer system may not be construed to include the following:
(i) A slot machine or bill
validator.
(ii) A wide area
progressive slot system.
(iii) A
computer system that does not constitute a slot computer system and is
connected to a slot computer system in accordance with subsection (f) and
through a firewall which has the ability to:
(A) Maintain a list of each device, person or
process authorized to obtain computer access to the slot computer
system.
(B) Generate daily
monitoring logs to inform the slot machine licensee of any unsuccessful
attempts by a device, person or process to obtain computer access to the slot
computer system.
(C) Authenticate
the identity of each device, person and process from which communication is
recorded before granting computer access to the slot computer system to the
device, person or process.
(iv) Other computer systems or applications
that the Board determines are not slot computer systems.
(b)
Authorized locations.
(1) All aspects of a slot machine licensee's
production slot computer system shall be located within the licensed facility.
For the purposes of this section, a "production slot computer system" shall be
defined as the slot machine licensee's primary slot computer system comprised
of a collection of hardware and software used to process or monitor, in real
time, slot machine activity. A production slot computer system includes any
segregated testing component.
(2)
With the written approval of the Board, a slot machine licensee's back-up slot
computer system, or any portion thereof, may reside in a computer located in a
secure location, referred to as a "remote computer," under the custody and
control of an affiliate, intermediary, subsidiary or holding company licensed
by the Board, referred to as a "host entity." For the purposes in this section,
a back-up system may consist of either a mirrored back-up system which
duplicates the production system by recording all slot related operations on a
real time basis and is designed to become the production system whenever needed
or a periodic back-up system which consists of regularly scheduled recording of
selected data which may include a complete image of the production system or
any portion thereof. At a minimum, a slot machine licensee requesting
authorization to allow a back up slot computer system to reside outside the
licensed facility shall establish that:
(i)
Communications between the remote computer and the slot machine licensee's slot
computer system occur using a dedicated and secure communication medium, such
as a leased line.
(ii) The remote
computer automatically performs the following functions:
(A) Generates daily monitoring logs and real
time alert messages to inform the slot machine licensee and host entity of any
system performance problems and hardware problems.
(B) Generates daily monitoring logs and real
time alert messages to inform the slot machine licensee of any software
errors.
(C) Generates daily
monitoring logs to inform the slot machine licensee of any unsuccessful
attempts by a device, person or process to obtain computer access.
(D) Authenticates the identity of every
device, person and process from which communications are received before
granting computer access to the device, person or process.
(E) Ensures that data sent through a
transmission is completely and accurately received.
(F) Detects the presence of corrupt or lost
data and, as necessary, rejects the transmission.
(3) Unless a remote computer is
used exclusively to maintain the slot computer system of the slot machine
licensee, it shall be partitioned in a manner approved by the Board and include
the following:
(i) A partition manager that
complies with the following requirements:
(A)
The partition manager must be comprised of hardware or software, or both, and
perform all partition management tasks for a remote computer, including
creating the partitions and allocating system resources to each
partition.
(B) The slot machine
licensee and host entity shall jointly designate and each shall identify the
security officer who shall be responsible for administering the partition
manager and maintaining access codes to the partition manager. The security
officer shall be an employee of the slot machine licensee or host entity and
shall be licensed as a key employee in this Commonwealth.
(C) Special rights and privileges in the
partition manager such as administrator shall be restricted to the information
technology director and the security officer of the slot machine licensee or
host entity who shall be licensed as key employees in this
Commonwealth.
(D) Access to the
partition manager shall be limited to employees of the information technology
departments of the slot machine licensee and host entity.
(E) Software-based partition managers
contained in a remote computer shall be functionally limited to performing
partition management tasks for the remote computer, while partition managers
using hardware and software that are not part of a remote computer may be
utilized to perform other functions for a remote computer that are approved by
the Board.
(ii) A
separate and distinct partition established for the slot machine licensee's
slot computer system that complies with the following requirements:
(A) The partition shall be limited to
maintaining the software and data of the slot machine licensee for which the
partition has been established.
(B)
The security officer of the slot machine licensee for which the partition has
been established shall be licensed as a key employee in this Commonwealth and
shall be responsible for maintenance of access codes to the
partition.
(C) Special rights and
privileges in the partition such as administrator shall be restricted to the
security officer and the information technology director of the slot machine
licensee for which the partition has been established.
(iii) Separate and distinct operating system
software, application software and computer access controls for the partition
manager and each separate partition.
(c) The Board may permit a slot machine
licensee to establish a partition, within a computer that contains its slot
computer system, for its affiliate, intermediary, subsidiary or holding company
provided that:
(1) A partition manager
comprised of hardware or software, or both, is utilized to perform all
partition management tasks, including creating the partitions and allocating
system resources to each partition.
(2) A security officer is designated within
the information technology department of the slot machine licensee to be
responsible for administering the partition manager and maintaining access
codes to the partition manager. Special rights and privileges in the partition
manager such as administrator shall be restricted to the security officer and
the information technology director of the slot machine licensee.
(3) Special rights and privileges in any
partition which has been established for the benefit of an affiliate,
intermediary, subsidiary or holding company shall be restricted to the security
officer and information technology director of the affiliate, intermediary,
subsidiary or holding company.
(d) The Board may permit a slot machine
licensee to maintain back-up or duplicate copies of the software and data of
its slot computer system, or any portion thereof, in removable storage media
devices, such as magnetic tapes or disks, in a secure location within a
licensed facility or other secure location outside the licensed facility as
approved by the Board for the purposes of disaster recovery.
(e) Notwithstanding the provisions of
subsection (b), upon the declaration of a disaster affecting the slot computer
system by the chief executive officer of the slot machine licensee and with the
prior written approval of the Board, a slot machine licensee may maintain the
software and data of its slot computer system, or any portion thereof, in a
computer located in a secure location outside the licensed facility.
(f) A slot machine licensee may locate
software or data not related to a slot computer system, such as food and
beverage related software or data, in a computer located outside the licensed
facility. With the written approval of the Board, a slot machine licensee may
connect the computer to a slot computer system, provided that:
(1) Logical access to computer software and
data of the slot computer system is appropriately limited.
(2) Communications with all portions of the
slot computer system occur using a dedicated and secure communications medium,
such as a leased line.
(3) The slot
machine licensee complies with other connection specific requirements required
by the Board.
(g) The
Board may waive one or more of the technical requirements applicable to slot
computer systems adopted by the Board upon a determination that the
nonconforming system protocols nonetheless meet the integrity requirements of
the act, this part and technical standards adopted by the Board.
This section cited in 58 Pa. Code §
466a.1 (relating to slot computer
systems generaly).
