💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

• Contextual name: 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

• ID: /frameworks/pci-dss-v4.0/12/02/01

• Located in: 💼 12.2 Acceptable use policies for end-user technologies are defined and implemented.

Description

Including:

• Explicit approval by authorized parties.
• Acceptable uses of the technology.
• List of products approved by the company for employee use, including hardware and software.

Similar

• Sections
  • /frameworks/pci-dss-v3.2.1/12/03
  • /frameworks/pci-dss-v3.2.1/12/03/01
  • /frameworks/pci-dss-v3.2.1/12/03/02
  • /frameworks/pci-dss-v3.2.1/12/03/03
  • /frameworks/pci-dss-v3.2.1/12/03/04
  • /frameworks/pci-dss-v3.2.1/12/03/05
  • /frameworks/pci-dss-v3.2.1/12/03/06
  • /frameworks/pci-dss-v3.2.1/12/03/07
  • /frameworks/pci-dss-v3.2.1/12/03/08
  • /frameworks/pci-dss-v3.2.1/12/03/09
  • /frameworks/pci-dss-v4.0.1/12/02/01
• Internal
  • ID: dec-c-4c5a9288

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.	10
💼 PCI DSS v3.2.1 → 💼 12.3.1 Explicit approval by authorized parties.
💼 PCI DSS v3.2.1 → 💼 12.3.2 Authentication for use of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.3 A list of all such devices and personnel with access.
💼 PCI DSS v3.2.1 → 💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 PCI DSS v3.2.1 → 💼 12.3.5 Acceptable uses of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.6 Acceptable network locations for the technologies.
💼 PCI DSS v3.2.1 → 💼 12.3.7 List of company-approved products.
💼 PCI DSS v3.2.1 → 💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 PCI DSS v3.2.1 → 💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 PCI DSS v4.0.1 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 12.3 Develop usage policies for critical technologies and define proper use of these technologies.	10
💼 PCI DSS v3.2.1 → 💼 12.3.1 Explicit approval by authorized parties.
💼 PCI DSS v3.2.1 → 💼 12.3.2 Authentication for use of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.3 A list of all such devices and personnel with access.
💼 PCI DSS v3.2.1 → 💼 12.3.4 A method to accurately and readily determine owner, contact information, and purpose.
💼 PCI DSS v3.2.1 → 💼 12.3.5 Acceptable uses of the technology.
💼 PCI DSS v3.2.1 → 💼 12.3.6 Acceptable network locations for the technologies.
💼 PCI DSS v3.2.1 → 💼 12.3.7 List of company-approved products.
💼 PCI DSS v3.2.1 → 💼 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.
💼 PCI DSS v3.2.1 → 💼 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.
💼 PCI DSS v4.0.1 → 💼 12.2.1 Acceptable use policies for end-user technologies are documented and implemented.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags