When adding exceptions to the Master Policy, what must you base them on?

The correct approach when adding exceptions to the Master Policy is to base them on platforms. This is crucial because different platforms may have unique requirements, technical capabilities, or operational constraints that necessitate specific exceptions to be made to the standard policy.

For instance, certain applications or environments might not support the same security configurations as others, and recognizing this difference allows organizations to maintain a balance between security and usability. It is essential to tailor policies in a manner that considers the specific characteristics and limitations of each platform to ensure the effectiveness of the security measures while also enabling users to perform their job functions efficiently.

Identifying exceptions based solely on user feedback, compliance requirements, or security threats does not fully account for the technical nuances presented by different platforms, which is why focusing on platforms is the most effective and relevant criterion for this decision-making process.