12.3.1 Explicit approval by authorized parties

12.3.1 Explicit approval by authorized parties

12.3.1 Verify that the usage policies include processes for explicit approval from authorized parties to use the technologies.

Without requiring proper approval for implementation of these technologies, individual personnel may innocently implement a solution to a perceived business need, but also open a huge hole that subjects critical systems and data to malicious individuals.