What control is typically required for a break-glass account?

Break-glass access must be tightly governed because it allows emergency, high-privilege entry that bypasses normal controls. The strongest safeguard is dual control: two authorized approvers must authorize the access, and the action is closely monitored. This setup prevents a single person from unilaterally granting powerful access, reducing the risk of misuse or insider threats. It also creates an auditable trail, so every step—who approved, when, and what actions were taken—can be reviewed later, which is crucial for accountability and incident response. MFA alone isn’t enough here because while it strengthens authentication, it doesn’t enforce oversight or provide an independent check on authorization. The other options suggest either no controls or widespread, unrestricted access, which would defeat the purpose of a break-glass process.