An administrative control is a type of security measure that governs human behavior and organizational processes through policies, procedures, guidelines, and operational standards. These controls define how employees should handle sensitive information, manage system access, and perform their duties securely. Examples include security awareness training programs, acceptable use policies, background checks, incident response procedures, access management protocols, and data retention policies.

Administrative controls form the foundational layer of an organization's security framework by establishing clear responsibilities and fostering a security-conscious culture. They are essential for maintaining compliance with regulatory requirements, industry standards, and internal security policies. While technical controls automate security enforcement and physical controls protect tangible assets, administrative controls address the human element—often considered the weakest link in cybersecurity—by ensuring personnel understand and follow established security practices.