The IT Law Wiki
Register
Advertisement

Definition[]

Compensating security controls are

[t]he security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.[1]

References[]

  1. NIST Special Publication 800-53, App. B, Glossary (adapted from CNSSI 4009).
Advertisement