What type of access control is composed of policies and procedures that support regulations and organizational requirements?

Administrative access control entails the development and enforcement of policies and procedures that guide and regulate user access to information systems. This type of access control is essential for ensuring compliance with laws, regulations, and organizational standards. It includes the establishment of roles, responsibilities, and rules, which dictate how users can access resources and what actions they are permitted to perform.

For instance, organizations often create formal access control policies that define user classifications, the process for granting access, and the requirement for user training to ensure that all personnel understand the necessary security measures. Additionally, administrative controls also cover the processes for inventorying information systems, conducting risk assessments, and managing identity and access throughout the lifecycle of user accounts.

This description makes it clear that administrative access controls serve as the foundation for governing access in a structured manner, ensuring that all regulatory and organizational requirements are met.