During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall.

Which of the following will the audit team most l l

ikely recommend during the audit out brief?

A. Discretionary access control for the firewall team

B. Separation of duties policy for the firewall team

C. Least privilege for the firewall team

D. Mandatory access control for the firewall team