Administrative controls are policies, procedures, and guidelines that govern how an organization manages and enforces security practices to protect its data and systems.