To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:

A. established guidelines.
B. overall IT capacity and operational constraints.
C. efficient technical processing considerations.
D. criteria consistent with classification levels.