Operating Systems and Applications. All access permissions for operators of the gaming system application and the operating system that it resides on are to be kept to a minimum and shall be granted based on a “least privilege” security model. In no case shall a computer operator ID be granted administrative or root level privileges to the CGS. Where a decision is made that Computer Operators need immediate access to computer system accounts with administrative privileges in order to bring a system back up following a failure or other emergency, the use of these accounts shall be fully audited. Personnel outside of the Computer Operators group, whether Lottery or Vendor employees, shall be readily able to determine that these accounts have been used. User, system, and application passwords shall contain six or more characters. User passwords will expire within 35 days or less and should not be reused within ten iterations. Where systematically possible, users shall not be granted privileges to reset their own passwords within three days of them changing it. Password strength and uniqueness shall be enforced by the operating system wherever possible. Transaction data access must be limited to persons or applications on an as needed basis. Care must be taken to prevent unauthorized connections to the information in this file from both inside and outside an application.
Operating Systems and Applications. Logical access permissions granted to both the primary and secondary ICS must be kept to a minimum. In the event ICS vendors indicate to the Lottery that they require access to the system, Member Lotteries shall require the vendor to submit a written request that explains the need for access, the level of access required, and the specific changes to be made. Should the Lottery request that the ICS vendor access a production ICS in response to a problem that they are experiencing, the ICS vendor does not have to submit this documentation. Should a modem be in place to allow for remote access, it shall either remain powered off when not in use or be configured to not accept incoming calls or accesses. Lottery personnel (preferably with some background in IT) shall witness any changes made to the ICS by a vendor. Access shall be authorized by the Party Lottery’s Security group (whether or not they are physically present) or personnel that are designated by Lottery Security and do not report to the IT Management function (e.g. Internal Audit or Senior Management) and must be granted only at the minimum level that the individual job function requires. The definition of what is authorized access needs to take into consideration actual need as determined by the Lottery. Where possible given staff resources, Administrators for the ICS shall not have access to any access control devices used to protect the ICS. The use of wireless technologies shall not be permitted on network subnets containing production ICS solutions, nor shall ICS solutions be configured to accept connection requests from any wireless source. Applicable security patches shall be kept current on all production ICS machines that have connectivity to other networks. Comment: Access should be limited to the lowest level required to perform an assigned job function and nothing more. This minimizes the need to rely on an individual’s ability or character. Any changes or access by a vendor must be documented in detail, and this includes specific tasks performed in the case of “general maintenance”. Lottery personnel can witness vendor changes to an ICS by requiring the vendor to connect to the ICS using remote control software. Although keeping modems powered off is preferable, some modems may be in place to allow a system to contact support personnel in cases of system or service failure. These modems need to be configured to deny inbound access.
