The IT Law Wiki

Compensating control

Definitions

General

A compensating control is

a cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control.[1]
[a] management, operational, and/or technical control (e.g., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.[2]

Medical advice

a safeguard or countermeasure, external to the device, employed by a user in lieu of, or in the absence of sufficient controls that were designed in by a device manufacturer, and that provides supplementary or comparable cyber protection for a medical device.[3]

References

  1. Electricity Subsector Cybersecurity Risk Management Process, at 61.
  2. FFIEC Information Technology Examination Handbook-Information Security, at 76.
  3. Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at 7-8.
