An organization's baseline configuration requires 256-bit keys for a specialized application used by one of its departments. After conducting some tests, it is determined that an existing device performs poorly when key lengths exceed 128 bits. After performing a risk assessment, the leadership team authorizes using 128-bit keys for the problematic device, pending its replacement. What type of control is described in this situation?