The IT Law Wiki

Definitions

General

A compensating control is

a cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control.[1]
[a] management, operational, and/or technical control (e.g., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.[2]

Medical advice

a safeguard or countermeasure, external to the device, employed by a user in lieu of, or in the absence of sufficient controls that were designed in by a device manufacturer, and that provides supplementary or comparable cyber protection for a medical device.[3]

References