Sec. 36.04.01.31. Remote Access

Latest version.

A. A manufacturer may not perform from a remote location analysis of, or technical support with regard to, a video lottery terminal without:

(1) Submission of a written request to the Commission; and

(2) The written approval of the Commission.

B. A manufacturer may perform from a remote location analysis of, or technical support with regard to, a facility operators video lottery systems including, but not limited to, a:

(1) Gaming ticket system;

(2) Promotional play system;

(3) Player tracking system;

(4) External bonusing system;

(5) Cashless funds transfer system; and

(6) Wide area progressive system.

C. A facility operator intending to authorize remote access to a video lottery system under this regulation shall include in its internal controls submitted for Commission approval under COMAR 36.03.10.05 a written system of access protocols which require:

(1) A unique system account for each employee of a manufacturer identified by the manufacturer as potentially required to perform technical support from a remote location;

(2) Use of a dedicated and secure communication facility;

(3) The facility operator to provide the Commission with notice of access within 4 hours after a person remotely accesses a system;

(4) The facility operator to take affirmative steps, on a per access basis, to activate a manufacturers access privileges;

(5) Imposition of limits on the ability of any individual authorized under this regulation to deliberately or inadvertently interfere with:

(a) The normal operation of the system; and

(b) Its data; and

(6) An access log:

(a) Maintained by both the:

(i) Manufacturer; and

(ii) Facility operators information technology department;

(b) Maintained in:

(i) A book with bound numbered pages that cannot be readily removed; or

(ii) An electronic format equipped with software that prevents modification of an entry after it has been initially entered into the system; and

(c) Documenting the:

(i) Manufacturer version number of the system accessed;

(ii) Type of connection as leased line, dial in modem, or private WAN;

(iii) Name of the manufacturer employee remotely accessing the system;

(iv) Name of the information technology department employee activating the manufacturer's access to the system;

(v) Date and time of the connection;

(vi) Duration of the connection;

(vii) Reason for the remote access including a description of the symptoms or malfunction prompting the need for remote access to the system; and

(viii) Any action taken or further action required.

D. A facility operator may not authorize a manufacturer to remotely access a video lottery system until its system access protocols are approved in writing by the Commission.

E. Any modification to a system required to be tested, certified, and approved by the Commission under Regulation .02E of this chapter shall be processed as:

(1) An emergency modification under Regulation .07 of this chapter; or

(2) A standard modification under Regulations .03C and .04C of this chapter.

F. If an employee of a manufacturer is no longer employed or authorized by a manufacturer to remotely access a system pursuant to this regulation, the manufacturer shall:

(1) Immediately notify in writing:

(a) Any facility operator that has established a unique system account for that employee of the change in authorization; and

(b) The Commission; and

(2) Verify with each facility operator notified of the change in authorization that the access privileges of the individual have been revoked.

                    
                        var val = document.getElementById('citecontent').innerHTML;
                        art.dialog.defaults.title = window.location.href;
                        art.dialog.data('cite', val);
                        art.dialog.data('homeDemoPath', '/Scripts/plus/artDialog/');
                        art.dialog.open('/Scripts/plus/artDialog/citeiframe.html');