
💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.

Description

Examples of critical technologies include, but are not limited to, remote access and wireless technologies, laptops, tablets, removable electronic media, e-mail usage and Internet usage.

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/12/02/01
  • Internal
    • ID: dec-c-cc36f64b

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 12.3.1 Explicit approval by authorized parties.
💼 12.3.2 Authentication for use of the technology.
💼 12.3.3 A list of all such devices and personnel with access.
💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 12.3.5 Acceptable uses of the technology.
💼 12.3.6 Acceptable network locations for the technologies.
💼 12.3.7 List of company-approved products.
💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 12.3.10 For personnel accessing cardholder data via remote-access technologies, prohibit the copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need.