Statutes, codes, and regulations
New Jersey Administrative Code
Title 13 - LAW AND PUBLIC SAFETYChapter 69D - GAMING OPERATION ACCOUNTING CONTROLS AND STANDARDS
Subchapter 2 - CASINO COMPUTER SYSTEMS
Section 13:69D-2.3 - Installation and change controls for controlled computer systems

N.J. Admin. Code § 13:69D-2.3

Download
PDF
Current through Register Vol. 56, No. 12, June 17, 2024
Section 13:69D-2.3 - Installation and change controls for controlled computer systems
(a) Each casino licensee shall maintain internal controls that govern the creation, modification, replacement, installation, and use of controlled software.
(b) A casino licensee may utilize the services of a third party to comply with the requirements of this subsection provided such third party is appropriately qualified, licensed or registered or a qualified affiliate.
(c) The casino licensee shall ensure the integrity of all controlled software created by the casino licensee, its affiliated casino licensee or qualified affiliate. Division best practice is to review source code prior to use where the review is:
1. Performed by a person capable of reviewing the source code for security issues which could lead to fraud or misuse;
2. Performed by someone other than the programmer(s) of the source code;
3. Completed within three business days following an emergency installation; and
4. Documented using a method which identifies the date the source code was reviewed, the person(s) who reviewed the source code, and the reviewer's findings or concerns.
(d) The casino licensee shall ensure all software utilized works as intended and functions properly in compliance with the Division's rules prior to installation. Division best practice is to evaluate the functionality and integrity of the software by utilizing a test that:
1. Is performed by someone other than the programmer(s) of the code;
2. Ensures the software works as intended with no adverse effect on other applications, reports, or processes;
3. Ensures the software operates in accordance with applicable rules of the Division;
4. Ensures the software is free from potential security weaknesses and cannot be exploited for fraud or theft;
5. Is completed within three business days following an emergency installation; and
6. Is documented using a method to identify the date the test was complete, the person(s) who performed the test, and any findings or concerns that were observed.
(e) Controlled software shall not be installed by a casino licensee unless it has been approved for use by the casino licensee's IT Director or designee.
(f) Prior to the installation, change, or upgrade of controlled hardware and software, the casino licensee shall ensure that:
1. It has the ability to revert back to the previous state without impacting the integrity of any critical data and software; and
2. The Division is provided with Release Notes three business days in advance except as provided in (g) below.
(g) The casino licensee may install or replace controlled hardware or software without prior notification to the Division when an unexpected event critically impacts the integrity or functionality of the system. The casino licensee shall provide notice to the Division within one business day, and shall provide Release Notes within three business days of installation.

N.J. Admin. Code § 13:69D-2.3

Amended by 49 N.J.R. 3781(a), effective 12/4/2017