This objective requires your organization to identify and document the tools and methods used to control access to system maintenance utilities, especially on systems that handle Controlled Unclassified Information (CUI). These tools often have elevated privileges and must be tightly regulated.