In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?
A. Update the application security policy.
B. Implement compensating control.
C. Submit a waiver for the legacy application.
D. Perform an application security assessment.
A. Update the application security policy.
B. Implement compensating control.
C. Submit a waiver for the legacy application.
D. Perform an application security assessment.