12.3.7 List of company-approved products
12.3.7 Verify that the usage policies include a list of company-approved products.
By defining acceptable business use and location of company-approved devices and technology,
the company is better able to manage and control gaps in configurations and operational controls, to ensure a “back door” is not opened for a malicious individual to gain access to critical systems and cardholder data.