What is a requirement to implement with an access control policy?

Implementing an access control policy requires setting clear and specific guidelines about who can view or manipulate certain types of information. The option indicating that only a customer service representative can view an unmasked account number establishes a precise role-based access control mechanism. This ensures that sensitive information is not accessible to everyone, thereby maintaining data privacy and security. By limiting access to those who are trained and authorized, organizations can protect sensitive data from unauthorized access and potential misuse.

In contrast, the other options represent broader or less controlled access, which does not align with the principles of an effective access control policy. Allowing everyone to view all information compromises confidentiality. Enabling guest access to customer accounts can lead to security risks, as guests usually do not have the necessary clearance or training to handle sensitive data. Likewise, allowing sales representatives to edit sensitive data may lead to integrity issues, as not all sales representatives may need that level of access for their roles.