Compensating Controls definition
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent and rigor of the original stated requirement; (2) provide a similar level of security as the original stated requirement; (3) be up-to-date with current industry accepted security protocols; and (4) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to
Compensating Controls means mechanisms put in place to satisfy a security requirement that are not explicitly as stated, due to legitimate technical or documented business constraints, but still sufficiently mitigate the risk associated with the requirement. Compliance means evidence of having met a specific set of policies, standards, laws, frameworks regulations, etc. Concurrent sessions means when there is more than one user accessing the same computer resource at the same time or in the same predefined period of time Configuration means any arrangements to code, updates, patches and processes to an Information Resource.
Examples of Compensating Controls in a sentence
If that vulnerability cannot be remediated as indicated above, then Blackbaud shall within twenty-four (24) hours of the identification of such vulnerability: (a) implement Compensating Controls; or (b) take the application or functionality of the application affected by such vulnerability offline until such vulnerability is remediated or Compensating Controls have been successfully applied.
A description of the schedule that will be used to evaluate and plan for the replacement of the software or addition of any Compensating Controls.
If the risk is not remediated within the timeframe above, Origin will implement Compensating Controls as appropriate to mitigate the risk until remediation can occur.
Blackbaud shall maintain, regularly review and revise as necessary, and comply with network segmentation protocols and related policies that are reasonably designed to properly segment the Blackbaud Network or otherwise implement Compensating Controls, which shall, at a minimum, comply with NIST CSF controls related to network segmentation.
If the remediation cannot be applied within fifteen (15) days after the identification of the vulnerability, Blackbaud shall identify existing or implement new Compensating Controls designed to protect PI and PHI as soon as practicable but no later than fifteen (15) days after the identification of the vulnerability.
More Definitions of Compensating Controls
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee(s) to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent of the original stated requirement; (2) provide a similar level of security as the
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical or unreasonable to implement at the applicable time due to legitimate technical or business constraints. Such alternative mechanisms must:
(a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be materially and substantively up-to-date with current industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable. Compensating Controls shall not be utilized as permanent alternative security measures and shall be reevaluated for security effectiveness at least every ninety (90) days to determine whether to retain the Compensating Control as the appropriate security measure or to implement an alternative as the permanent security measure. Written security effectiveness documentation shall be prepared and reviewed by the Chief Information Security Officer or his or her designee and shall be kept for a period of one (1) year following the termination of usage of any such alternative mechanism.
Compensating Controls means actions or processes that yield a similar output to standard operating procedures, but that are temporary in nature.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical or unreasonable to implement at the applicable time due to legitimate technical or business constraints. Such alternative mechanisms must: (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be materially and substantively up-to-date with current industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer (“CISO”) or his or her designee to be impractical to