💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.

Description

Examples of critical technologies include, but are not limited to, remote access and wireless technologies, laptops, tablets, removable electronic media, e-mail usage and Internet usage.

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/12/02/01
  • Internal
    • ID: dec-c-cc36f64b

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PCI DSS v4.0 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 12.3.1 Explicit approval by authorized parties.
💼 12.3.2 Authentication for use of the technology.
💼 12.3.3 A list of all such devices and personnel with access.
💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 12.3.5 Acceptable uses of the technology.
💼 12.3.6 Acceptable network locations for the technologies.
💼 12.3.7 List of company-approved products.
💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 12.3.10 For personnel accessing cardholder data via remote-access technologies, prohibit the copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need.