To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:
A. established guidelines
B. criteria consistent with classification levels
C. efficient technical processing considerations
D. overall IT capacity and operational constraints
B (?)