Which item is a technical information security control?

Technical information security controls are those implemented with technology to enforce security boundaries and restrict access to systems and data. Network access fits this because it uses automated technical mechanisms to control who can connect to the network and what resources they can reach. Technologies such as 802.1X network access control, MFA at login, VPN gateways, firewalls, ACLs on switches, and endpoint posture checks work together to grant or deny connectivity based on identity, device health, and policy. This is a direct, automated enforcement of access, which is the essence of a technical control. The other options describe controls that are primarily policy- or governance-based rather than automated technical enforcement. An HR policy sets rules for how people should behave and interact with systems, but it does not itself enforce access through technology. Data classification defines how data should be labeled and handled, serving as a governance framework rather than an access-control mechanism. Security monitoring involves detecting and alerting on security events, and while it relies on technical tools, its primary role is to observe and respond rather than to prevent access in real time.