Current through Register Vol. 54, No. 49, December 7, 2024
Section 810a.6 - Software authentication The acquisition and development of new software must follow defined processes in accordance with the information security policy.
(1) The production environment must be logically and physically separated from the development and test environments. (2) Development staff shall be precluded from having access to promote code changes into the production environment. If, due to staffing limitations, this requirement cannot be met by the entity, the internal controls submitted to the Board shall describe what measures will be implemented to ensure the integrity of interactive games in the production environment. (3) There must be a documented method to verify that test software is not deployed to the production environment. (4) To prevent leakage of personal identifiable information, there must be a documented method to ensure that raw production data is not used in testing. (5) All documentation relating to software and application development should be available and retained for the duration of its lifecycle.