According to the CRISC Review Manual, monitoring against the configuration standard is the most effective control to maintain the integrity of system configuration files, because it ensures that any unauthorized or unintended changes are detected and corrected. Monitoring against the configuration standard involves comparing the actual configuration of the system with the approved baseline and identifying any deviations or discrepancies. The other options are not the most effective controls, because they do not ensure the integrity of the system configuration files. Recording changes to configuration files is a good practice, but it does not prevent unauthorized or unintended changes from occurring. Implementing automated vulnerability scanning is a preventive control that helps to identify and remediate potential weaknesses in the system, but it does not verify the integrity of the configuration files. Restricting access to configuration documentation is a security measure that limits the exposure of sensitive information, but it does not prevent unauthorized or unintended changes to the configuration files. References = CRISC Review Manual, 7th Edition, Chapter 4, Section 4.2.3, page 184.