The IT Law Wiki

Compensating control

Definitions

General

A compensating control is

a cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control.[1]
[a] management, operational, and/or technical control (e.g., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.[2]

Medical advice

a safeguard or countermeasure, external to the device, employed by a user in lieu of, or in the absence of sufficient controls that were designed in by a device manufacturer, and that provides supplementary or comparable cyber protection for a medical device.[3]

References

  1. Electricity Subsector Cybersecurity Risk Management Process, at 61.
  2. FFIEC Information Technology Examination Handbook-Information Security, at 76.
  3. Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at 7-8.