What type of control is applied when a device uses 128-bit keys instead of the required 256-bit keys due to performance issues?

In this scenario, when a device opts to use 128-bit keys instead of the required 256-bit keys because of performance issues, it illustrates the concept of compensating controls. Compensating controls are alternative measures that are put in place to mitigate risk when the preferred or ideal security controls cannot be applied due to practical constraints, such as performance.

Using 128-bit keys provides a level of security, though it is less robust than the 256-bit keys that were originally required. This change is made as a workaround to maintain operational functionality while still addressing security needs to some extent. Compensating controls aim to provide a balance between security and usability, recognizing that sometimes, ideal security measures cannot be fully implemented.

In contrast, preventive controls are meant to prevent security breaches before they occur, corrective controls focus on correcting issues after they have been identified, and detective controls are tasked with identifying security incidents as they happen. However, the use of reduced key lengths due to performance concerns does not directly fit into those categories as it represents a decision to maintain a level of operation that might compromise the ideal standard. Thus, opting to use a less secure key length while still striving to protect data through an alternative measure is why this scenario reflects compensating controls.