Md. Code Regs. 36.07.06.09

Current through Register Vol. 51, No. 22, November 1, 2024
Section 36.07.06.09 - Remote Access
A. A manufacturer may not perform from a remote location analysis of, or technical support with regard to, an instant bingo machine or instant bingo validation and accounting system without:
(1) Submission of a written request to the Commission; and
(2) The written approval of the Commission.
B. A facility operator intending to authorize remote access to an instant bingo validation and accounting system under this regulation shall include in its internal controls submitted for Commission approval under a written system of access protocols which require:
(1) A unique system account for each employee of a manufacturer identified by the manufacturer as potentially required to perform technical support from a remote location;
(2) Use of a dedicated and secure communication facility;
(3) Prior notice by the manufacturer of intent to remotely access a system to the:
(a) Facility operator; and
(b) Commission;
(4) The facility operator to take affirmative steps, on a per access basis, to activate a manufacturer's access privileges;
(5) Imposition of limits on the ability of any individual authorized under this regulation to deliberately or inadvertently interfere with:
(a) The normal operation of the system; and
(b) Its data;
(6) An access log:
(a) Maintained by both the:
(i) Manufacturer; and
(ii) Facility operator's information technology department;
(b) Maintained in:
(i) A book with bound numbered pages that cannot be readily removed; or
(ii) An electronic format equipped with software that prevents modification of an entry after it has been initially entered into the system; and
(c) Documenting the:
(i) Manufacturer version number of the system accessed;
(ii) Type of connection as leased line, dial in modem, or private WAN;
(iii) Name of the manufacturer employee remotely accessing the system;
(iv) Name of the information technology department employee activating the manufacturer's access to the system;
(v) Date and time of the connection;
(vi) Duration of the connection;
(vii) Reason for the remote access including a description of the symptoms or malfunction prompting the need for remote access to the system; and
(viii) Any action taken or further action required.
C. A facility operator may not authorize a manufacturer to remotely access an instant bingo validation and accounting system until its system access protocols are approved in writing by the Commission.
D. Any modification to a system required to be tested, certified and approved by the Commission shall be processed as:
(1) An emergency modification under Regulation .05 of this chapter; or
(2) A standard modification under Regulations .02(B) and .03(B) of this chapter.
E. If an employee of a manufacturer is no longer employed or authorized by a manufacturer to remotely access a system pursuant to this regulation, the manufacturer shall:
(1) Immediately notify in writing:
(a) Any facility operator that has established a unique system account for that employee of the change in authorization; and
(b) The Commission; and
(2) Verify with each facility operator notified of the change in authorization that the access privileges of the individual have been revoked.

Regulation .09 adopted as an emergency provision effective 40:20 Md. R. 1650, eff. 8/26/2013; adopted permanently effective December 12, 2013 40:24 Md. R. 2019, eff. 8/26/2013