Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:

$$ The applications are considered mission$-$critical.

$$ The applications are written in code languages not currently supported by the development staff.

$$ Security updates and patches will not be made available for the applications.

$$ Username and passwords do not meet corporate standards.

$$ The data contained within the applications includes both PII and PHI.

$$ The applications communicate using TLS $1\mathrm{.}0.$

$$ Only internal users access the applications.

Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

A$.$ Update the company policies to reflect the current state of the applications so they are not out of compliance.

B$.$ Create a group policy to enforce password complexity and username requirements.

C$.$ Use network segmentation to isolate the applications and control access.

D$.$ Move the applications to virtual servers that meet the password and account standards.