[PCI DSS 3.0] 12.3 Develop usage policies for critical technologies and define proper use of these technologies.

12.3 Develop usage policies for critical technologies and define proper use of these technologies.

Note: Examples of critical technologies include, but are not limited to, remote access and wireless technologies, laptops, tablets, removable electronic media, e-mail usage and Internet usage.

Ensure these usage policies require the following: (See 12.3.#)

12.3 Examine the usage policies for critical technologies and interview responsible personnel to verify the following policies are implemented and followed: Personnel usage policies can either prohibit use of certain devices and other technologies if that is company policy, or provide guidance for personnel as to correct usage and
implementation. If usage policies are not in place, personnel may use the technologies in violation of company policy, thereby allowing malicious individuals to gain access to critical systems and cardholder data.