Skip to main content

💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Contextual name: 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.
ID: /frameworks/pci-dss-v4.0/12/02/01
Located in: 💼 12.2 Acceptable use policies for end-user technologies are defined and implemented.

Description

Including:

Explicit approval by authorized parties.
Acceptable uses of the technology.
List of products approved by the company for employee use, including hardware and software.

Similar

Sections
- /frameworks/pci-dss-v3.2.1/12/03
- /frameworks/pci-dss-v3.2.1/12/03/01
- /frameworks/pci-dss-v3.2.1/12/03/02
- /frameworks/pci-dss-v3.2.1/12/03/03
- /frameworks/pci-dss-v3.2.1/12/03/04
- /frameworks/pci-dss-v3.2.1/12/03/05
- /frameworks/pci-dss-v3.2.1/12/03/06
- /frameworks/pci-dss-v3.2.1/12/03/07
- /frameworks/pci-dss-v3.2.1/12/03/08
- /frameworks/pci-dss-v3.2.1/12/03/09
- /frameworks/pci-dss-v4.0.1/12/02/01

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.	10
💼 PCI DSS v3.2.1 → 💼 12.3.1 Explicit approval by authorized parties.
💼 PCI DSS v3.2.1 → 💼 12.3.2 Authentication for use of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.3 A list of all such devices and personnel with access.
💼 PCI DSS v3.2.1 → 💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 PCI DSS v3.2.1 → 💼 12.3.5 Acceptable uses of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.6 Acceptable network locations for the technologies.
💼 PCI DSS v3.2.1 → 💼 12.3.7 List of company-approved products.
💼 PCI DSS v3.2.1 → 💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 PCI DSS v3.2.1 → 💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 PCI DSS v4.0.1 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.	10
💼 PCI DSS v3.2.1 → 💼 12.3.1 Explicit approval by authorized parties.
💼 PCI DSS v3.2.1 → 💼 12.3.2 Authentication for use of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.3 A list of all such devices and personnel with access.
💼 PCI DSS v3.2.1 → 💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 PCI DSS v3.2.1 → 💼 12.3.5 Acceptable uses of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.6 Acceptable network locations for the technologies.
💼 PCI DSS v3.2.1 → 💼 12.3.7 List of company-approved products.
💼 PCI DSS v3.2.1 → 💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 PCI DSS v3.2.1 → 💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 PCI DSS v4.0.1 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections