A security administrator is required to submit a detailed implementation plan and back out plan to get approval prior to updating the firewall and other security devices. Which of the following types of risk mitigation strategies is being followed?
A. Change management
B. Routine audit
C. Rights and permissions review
D. Configuration management