N.Y. Comp. Codes R. & Regs. tit. 9 § 5317.32

Current through Register Vol. 46, No. 45, November 2, 2024

Section 5317.32 - Security requirements

(a) Access control. The MCS shall support either a hierarchical role structure whereby user and password define program or individual-menu-item access or logon program/device security based strictly on user and password or personal identification number. In addition, the MCS shall not permit the alteration of any significant log information communicated from the gaming device. Additionally, there shall be a provision for system administrator notification and user lockout or audit trail entry, after a set number of unsuccessful login attempts.

(b) Data alteration. The MCS shall not permit the alteration of any accounting or significant-event-log information that was properly communicated from the gaming device without supervised access controls. In the event that financial data is changed, an automated audit log shall be capable of being produced to document:

(1) data element altered;

(2) data element value prior to alteration;

(3) data element value after alteration;

(4) time and date of the alteration; and

(5) personnel who performed the alteration (by reporting user login).

(c) Additional system features; gaming device program verification requirements. If supported, a MCS may provide redundant functionality to check gaming device game software. The following information shall be reviewed for validity prior to implementation:

(1) software signature algorithm or algorithms; and

(2) data communications error-check algorithm or algorithms.

N.Y. Comp. Codes R. & Regs. Tit. 9 § 5317.32

Adopted New York State Register November 16, 2016/Volume XXXVIII, Issue 46, eff. 11/16/2016