Network Infrastructure
7.1.1 Communication protocol among ELS components over network infrastructure must be secure, must maintain Lottery Game integrity, and must prevent any unauthorized access to Personally Identifiable Information (PII).
7.1.2 Network components must have synchronized time to preserve logging and auditing capability.
7.1.3 All gaming related network traffic exposed to public networks must be secured using industry standard methods proven to prevent unauthorized access or alteration of information.
7.1.4 Network architecture must be designed in a way to prevent a large volume of communications from causing a security or integrity issue.
Security
7.1.5 The ELS must be designed for immunity against security attacks. This includes, but is not limited to implementing security in depth (multiple layers of security so that if one layer is bypassed the attack still has to get through the next layer), and active monitoring of potential threats together with effective automated controls to prevent attacks from being effective (such as preventing attacks from moving between components of the system or to other systems).
Independent Security Assessment
7.1.6 Publicly exposed ELS’ (for example Web applications accessible through public networks) must be protected with adequate security measures to prevent any integrity or security issues.
7.1.7 New ELS’ that are publicly exposed must be independently assessed by qualified individuals in accordance with industry good practices to ensure that security vulnerabilities are identified and addressed, and residual risks are confirmed to be negligible.
7.1.8 At the discretion of the Registrar, certain modifications to publicly exposed ELS’ will require independent security assessment, for example when the complexity or volume of changes from the previously approved ELS is expected to impact security risks.
Submission Requirements
7.1.9 Gaming-Related Suppliers must provide necessary information, training and tools pertaining to the ELS for which the approval is being requested to help facilitate AGCO assessment, testing, and issuing decisions in a timely manner.
7.1.10 All requests for approval of ELS must adhere to the submission requirements, “AGCO Gaming Technology Submission Requirements”.
Ensuring the Ongoing Integrity of Approved Electronic Lottery Systems
7.1.11 Gaming-Related Suppliers and Operators must promptly notify each other, and the Registrar per the Gaming Notification Matrix, of any integrity, security or accounting capability concerns with the approved ELS.