💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.

• ID: /frameworks/pci-dss-v3.2.1/12/03

Description

Examples of critical technologies include, but are not limited to, remote access and wireless technologies, laptops, tablets, removable electronic media, e-mail usage and Internet usage.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/12/02/01
• Internal
  • ID: dec-c-cc36f64b

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 12.3.1 Explicit approval by authorized parties.					no data
💼 12.3.2 Authentication for use of the technology.					no data
💼 12.3.3 A list of all such devices and personnel with access.					no data
💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.					no data
💼 12.3.5 Acceptable uses of the technology.					no data
💼 12.3.6 Acceptable network locations for the technologies.					no data
💼 12.3.7 List of company-approved products.					no data
💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.					no data
💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.					no data
💼 12.3.10 For personnel accessing cardholder data via remote-access technologies, prohibit the copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need.					no data