Which practice limits system access to authorized users and devices?

The practice that limits system access to authorized users and devices is best represented by Access Control Policies. These policies establish criteria for who can access specific resources within a system, ensuring that only individuals or devices with the proper authorization can gain entry. Access Control Policies outline the rules and regulations governing user permissions, defining the parameters of access based on roles, responsibilities, and security requirements.

By implementing these policies, organizations create a structured approach to managing access, which helps mitigate the risk of unauthorized entry and protects sensitive information from data breaches. The effectiveness of Access Control Policies lies in their ability to ensure compliance with security standards, enabling organizations to demonstrate their commitment to protecting data integrity and confidentiality.

In contrast, the other options reflect related concepts but do not specifically focus on the governance aspect of access limitation. Access Enforcement Mechanisms involve the tools and technologies that enforce the policies set out in Access Control Policies. System Baselining refers to establishing a standard configuration for systems to ensure they remain secure over time. Finally, the principle of Least Privilege is about minimizing user access rights to only what is necessary for their role, but it is a principle within the broader context of access control policies.