Which of the following is considered an administrative control?

An administrative control refers to policies, procedures, and practices that govern how an organization manages its operations and protects its information systems and data. These controls are not physical or technical in nature; rather, they are focused on management tasks, employee training, and the formalization of behaviors intended to mitigate risks.

In this context, the access control process exemplifies an administrative control as it involves creating and enforcing policies related to who can access specific resources within an organization. It dictates the rules for granting or denying access based on roles, responsibilities, and other criteria, thus ensuring that sensitive data and systems are adequately protected according to organizational policy.

Other choices represent different categories of controls. Keystroke logging is a technical control, often associated with surveillance or monitoring activities to track user behavior. Biometric authentication falls under technical security measures as it uses unique biological traits for identification. Door locks are considered physical security controls designed to prevent unauthorized physical access to facilities. Each of these options has its purpose but does not align with the governance and policy-driven nature of administrative controls.