The Chief Information Security Officer (CISO) has decided that all accounts with elevated privileges must use a longer, more complicated passphrase instead of a password. The CISO would like to formally document management’s intent to set this control level.
Which of the following is the appropriate means to achieve this?
A . A control
B . A standard
C . A policy
D . A guideline
Answer: C