Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

compensating security control

Abbreviation(s) and Synonym(s):

None

Definition(s):

  The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-37 Rev. 1 under Compensating Security Controls
NIST SP 800-137 under Compensating Security Controls (NISTIR 7298)

  A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-30 Rev. 1 under Compensating Security Control (CNSSI 4009)
NIST SP 800-39 under Compensating Security Control (CNSSI 4009)

  The security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.
Source(s):
CNSSI 4009-2015 (NIST SP 800-53 Rev. 4 - Adapted)
NIST SP 800-53 Rev. 4 under Compensating Security Controls (CNSSI 4009 - Adapted)
NIST SP 800-53A Rev. 4 under Compensating Security Controls (NIST SP 800-53)

  The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST SP 800-53, that provide equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-18 Rev. 1 under Compensating Security Controls