Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

A user ID and password system is classified as a technical access control mechanism. This type of access control is implemented through technology and is aimed at protecting information systems and data by ensuring that only authorized users can access them. Technical controls often include tools and systems that enforce authentication measures, such as requiring users to input their unique credentials to gain access to applications, networks, or systems.

This approach is crucial in maintaining the security of sensitive information because it directly involves technology-based methods, such as encryption and firewalls, to protect resources. By leveraging user IDs and passwords, this control creates a barrier that must be overcome for access to be granted, thereby facilitating the establishment of secure user identities and maintaining data confidentiality and integrity.

In contrast, administrative access controls involve the policies and procedures that manage user access and define the organization's security posture. Physical access controls relate to physical barriers and measures taken to protect the physical space where information systems are housed, such as locks and security personnel. Power access control is not typically associated with standard security classifications in this context, making it an irrelevant choice.