What are compensating controls in the context of vulnerability management?
Regular procedures that reduce the likelihood of a vulnerability being exploited without considering the existing regulatory standards.
Steps taken by an organization to comply with legal requirements without implementing any security measures.
The documentation required to prove an organization is following standardized compliance requirements.
Alternative security measures implemented when an organization cannot meet a standard security control due to specific constraints, and still needs to maintain required security levels.