top of page
< Back

12.3.10 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID

PCI DSS

(v3.2.1)

12.3.10

Requirement 12: Maintain a policy that addresses information security for all personnel

(v3.2.1)

For personnel accessing cardholder data via remote-access technologies, prohibit the copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need.
Where there is an authorized business need, the usage policies must require the data be protected in accordance with all applicable PCI DSS Requirements.

bottom of page