1.18 A recognized industry standard framework shall be used to manage the information technology (IT) control environment to support compliance with the Standards and Requirements.
1.19 Users shall be granted access to the gaming system based on business need.
Requirements – At a minimum:
1.20 Access to gaming information systems shall be monitored, logged and shall be traceable to a specific individual.
Requirements – At a minimum:
1.21 Processes shall be in place to ensure that only authorized individuals are permitted to open system accounts.
1.22 Industry accepted components, both hardware and software, shall be used where possible.
1.23 Any connection or interface between the gaming system and any other system, whether internal or external third party, shall be monitored, hardened and regularly assessed to ensure the integrity and security of the gaming system.
1.24 Mechanisms shall be in place to ensure the reliability, integrity and availability of the gaming system.
1.25 There shall be a suitably secure physical environment in place to prevent unauthorized access to the gaming system and to ensure the protection of assets.
1.26 Gaming systems, infrastructure, data, activity logs and all other related components shall be protected from threats, vulnerabilities, attacks or breaches.
Requirements – At a minimum:
1.27 Security activities shall be logged in an auditable manner, monitored, promptly analyzed and a report prepared and escalated as appropriate.
Requirements – At a minimum:
1.28 Independent assessments shall be regularly performed by a qualified individual to verify the adequacy of gaming system security and all of its related components.
1.29 Operators and gaming-related suppliers shall stay current on security trends, issues and solutions.