This section provides minimum standards for electronic data communications with gaming equipment or components used with Class II gaming systems.
(a) Sensitive data.
Communication of sensitive data shall be secure from eavesdropping, access, tampering, intrusion or alteration unauthorized by the tribal gaming regulatory authority. Sensitive data shall include, but not be limited to:
(1)
RNG seeds and outcomes;
(2)
Encryption keys, where the implementation chosen requires transmission of keys;
(5)
Financial instrument transactions;
(7)
Player tracking information;
(8)
Download Packages; and
(9)
Any information that affects game outcome.
(b) Wireless communications.
(1)
Wireless access points shall not be accessible to the general public.
(2)
Open or unsecured wireless communications are prohibited.
(3)
Wireless communications shall be secured using a methodology that makes eavesdropping, access, tampering, intrusion or alteration impractical. By way of illustration, such methodologies include encryption, frequency hopping, and code division multiplex access (as in cell phone technology).
(c)
Methodologies shall be used that will ensure the reliable transfer of data and provide a reasonable ability to detect and act upon any corruption of the data.
(d)
Class II gaming systems shall record detectable, unauthorized access or intrusion attempts.
(e)
Remote communications shall only be allowed if authorized by the tribal gaming regulatory authority. Class II gaming systems shall have the ability to enable or disable remote access, and the default state shall be set to disabled.
(f)
Failure of data communications shall not affect the integrity of critical memory.
(g)
The Class II gaming system shall log the establishment, loss, and re-establishment of data communications between sensitive Class II gaming system components.