- A. Where the distributed pull-tab system components are linked with one another in a network, communication protocols shall be used that ensure that erroneous data or signals will not adversely affect the operations of any such system components.
- B. All data communication shall incorporate an error detection and correction scheme to ensure the data is transmitted and received accurately.
- C. Connections between all components of the distributed pull-tab system shall only be through the use of secure communication protocols that are designed to prevent unauthorized access or tampering, employing Advanced Encryption Standard (AES) or equivalent encryption.
- D. A firewall or equivalent hardware device configured to block all inbound and outbound traffic that has not been expressly permitted and is not required for continued use of the distributed pull-tab system must exist between the distributed pull-tab system and any external point of access.
- E. The minimum width (size) for encryption keys is 112 bits for symmetric algorithms and 1024 bits for public keys.
- F. There must be a secure method implemented for changing the current encryption key set. It is not acceptable to only use the current key set to "encrypt" the next set.
- G. There must be a secure method in place for the storage of any encryption keys. Encryption keys must not be stored without being encrypted themselves.
H. If a wireless network is used, wireless products used in conjunction with any gaming system or system component must meet the following minimum standards:
- 1. Employ a security process that complies with the Federal Information Processing Standard 140-2 (FIPS 140-2); or
- 2. Employ an alternative method, as approved by the department.
Statutory Authority
§ 18.2-340.15 of the Code of Virginia.
Historical Notes
Derived from Virginia Register Volume 39, Issue 14, eff. March 29, 2023.