|
12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use
|
|
0
|
96
|
February 26, 2023
|
|
12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity
|
|
0
|
133
|
February 26, 2023
|
|
12.3.7 List of company-approved products
|
|
0
|
128
|
February 26, 2023
|
|
12.3.6 Acceptable network locations for the technologies
|
|
0
|
88
|
February 26, 2023
|
|
12.3.5 Acceptable uses of the technology
|
|
0
|
52
|
February 26, 2023
|
|
12.3.4 A method to accurately and readily determine owner, contact information, and purpose (for example, labeling, coding, and/or inventorying of devices)
|
|
0
|
58
|
February 26, 2023
|
|
12.3.3 A list of all such devices and personnel with access
|
|
0
|
54
|
February 26, 2023
|
|
12.3.2 Authentication for use of the technology
|
|
0
|
54
|
February 26, 2023
|
|
12.3.1 Explicit approval by authorized parties
|
|
0
|
47
|
February 26, 2023
|
|
12.3 Develop usage policies for critical technologies and define proper use of these technologies
|
|
0
|
99
|
February 26, 2023
|
|
12.2 Implement a risk-assessment process that:
|
|
0
|
83
|
February 26, 2023
|
|
12.1.1 Review the security policy at least annually and update the policy when the environment changes
|
|
0
|
58
|
February 26, 2023
|
|
12.1 Establish, publish, maintain, and disseminate a security policy
|
|
0
|
64
|
February 20, 2023
|
|
Requirement 12: Maintain a policy that addresses information security for all personnel
|
|
0
|
117
|
February 20, 2023
|