Section 68IAC25-3-4. LMGS system architecture  

   (a) The system of internal controls of the casino licensee shall, at a minimum, describe the following components of the LMGS:

(1) LMGS components that record, store, process, share, transmit or retrieve sensitive player information, including but not limited to authentication information and limited mobile gaming player account balances.

(2) LMGS components that generate, transmit, or process random numbers used to determine the outcome of games or virtual events.

(3) LMGS components that store the results or the current state of a player's wager.

(4) Points of entry to and exit from the above systems.

(5) Communication networks that transmit sensitive player information.

  (b) Networks serving the LMGS and its components shall be segregated into security domains based on a risk assessment of the functions performed on each network. The risk assessment shall include, but is not limited to the following:

(1) The devices and software deployed on each network, including but not limited to, wireless devices, database servers, voice over IP devices, and remote desktop capability.

(2) The value and classification of the information stored or processed in the network.

(3) The access control policy and access requirements for the applications on the network.

(4) Any other requirements imposed by the executive director or the executive director's designee.

  (c) The boundaries between networks having different security domains shall be secured from outside traffic. Systems shall be configured to detect and report security-related events at security domain boundaries.

  (d) The architecture shall support the use of layered access controls to applications running on the network. (Indiana Gaming Commission; 68 IAC 25-3-4; filed Jan 7, 2016, 8:21 a.m.: 20160203-IR-068150084FRA)