What is the best control to limit risk when using privileged accounts for configuration changes?

Prepare for the CISA Domain 4 Exam with tailored quizzes. Enhance your auditing skills with detailed explanations and practice multiple-choice questions for cybersecurity professionals. Optimize your study time and ensure success!

Limiting risk associated with privileged accounts, especially during configuration changes, is critical for maintaining system integrity and security. Ensuring supervisory approval and review for critical changes acts as a strong control because it introduces a layer of oversight. This means that any changes made with privileged accounts must be validated and authorized by a supervisor, helping to prevent unauthorized or potentially harmful changes.

This control not only serves as a deterrent against misuse of privileged accounts but also facilitates accountability. When supervisory approval is required, it encourages adherence to policies and procedures and promotes a culture of scrutiny and responsibility regarding significant system modifications. Such a process helps catch errors or malicious actions before they can take effect, thereby enhancing the overall security posture.

Other options might contribute to security in various ways but do not directly address the immediate risks tied to privileged account actions in the context of configuration changes as effectively as requiring supervisory approval and review.
