Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A compensating control is an alternative safeguard used when a required control is infeasible, providing equivalent risk mitigation.
Compensating Control Definition: A compensating control is an alternative safeguard used when a required control is infeasible, providing equivalent risk mitigation.
A compensating control is an alternative safeguard implemented when a primary or required control cannot be applied due to legitimate business or technical constraints. It must provide a comparable level of protection and is widely recognized in frameworks such as PCI DSS, which requires documented justification and equivalent risk mitigation. Compensating controls are temporary or situational stand-ins, not permanent excuses to skip baseline requirements.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →