Compensating Security Controls

Compensating Security Controls definition in Computer Security terms:

Acronym(s): None

Definition(s): The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.
Source(s): NIST SP 800-137 (NISTIR 7298)
NIST SP 800-37 Rev. 1

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST SP 800-53, that provide equivalent or comparable protection for an information system.
Source(s): NIST SP 800-18 Rev. 1

The security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.
Source(s): NIST SP 800-53 Rev. 4 (Adapted from CNSSI 4009)

Synonym(s): Compensating Security Control
The security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.
Source(s): CNSSI 4009-2015 A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
Source(s): NIST SP 800-39 NIST SP 800-30

 

reference: CSRC Glossary