25 CFR 547.15 – What are the minimum technical standards for electronic data communications between system components?
(a) Sensitive data. Communication of sensitive data must be secure from eavesdropping, access, tampering, intrusion or alteration unauthorized by the TGRA. Sensitive data includes, but is not limited to:
(1) RNG seeds and outcomes;
(2) Encryption keys, where the implementation chosen requires transmission of keys;
(3) PINs;
(4) Passwords;
(5) Financial instrument transactions;
(6) Transfers of funds;
(7) Player tracking information;
(8) Download Packages; and
(9) Any information that affects game outcome.
(b) Wireless communications. (1) Wireless access points must not be accessible to the general public.
(2) Open or unsecured wireless communications are prohibited.
(3) Wireless communications must be secured using a methodology that makes eavesdropping, access, tampering, intrusion or alteration impractical. By way of illustration, such methodologies include encryption, frequency hopping, and code division multiplex access (as in cell phone technology).
(c) Methodologies must be used that will ensure the reliable transfer of data and provide a reasonable ability to detect and act upon any corruption of the data.
(d) Class II gaming systems must record detectable, unauthorized access or intrusion attempts.
(e) Remote communications may only be allowed if authorized by the TGRA. Class II gaming systems must have the ability to enable or disable remote access, and the default state must be set to disabled.
(f) Failure of data communications must not affect the integrity of critical memory.
(g) The Class II gaming system must log the establishment, loss, and re-establishment of data communications between sensitive Class II gaming system components.