Definition[]
Compensating security controls are
“ | [t]he security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.[1] | ” |
References[]
- ↑ NIST Special Publication 800-53, App. B, Glossary (adapted from CNSSI 4009).