What are technical controls?

Technical controls are security measures that are built into and enforced by the information system itself, implemented through hardware, software, or firmware. They are automated protections that operate within the system to protect confidentiality, integrity, and availability. Examples include access controls enforced by the operating system, encryption of data at rest and in transit, firewalls, intrusion detection systems, secure configurations, and patch management. This is why the description of controls that the information system primarily implements and executes through its hardware, software, or firmware components is the best fit. The other options describe controls that are not technical in nature: training personnel falls under administrative or management controls focused on people; physical access measures are about physical security; and broad administrative policies govern governance and procedures rather than system-enforced mechanisms.