top of page
12.3.10 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
12.3.10
Requirement 12: Maintain a policy that addresses information security for all personnel
(v3.2.1)
For personnel accessing cardholder data via remote-access technologies, prohibit the copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need.
Where there is an authorized business need, the usage policies must require the data be protected in accordance with all applicable PCI DSS Requirements.
bottom of page