Definitions
General
A compensating control is
“a cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control.”[1]
“[a] management, operational, and/or technical control (e.g., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.”[2]
Medical advice
“a safeguard or countermeasure, external to the device, employed by a user in lieu of, or in the absence of sufficient controls that were designed in by a device manufacturer, and that provides supplementary or comparable cyber protection for a medical device.”[3]