What are compensating controls in the context of vulnerability management?
Steps taken by an organization to comply with legal requirements without implementing any security measures.
Regular procedures that reduce the likelihood of a vulnerability being exploited without considering the existing regulatory standards.
Alternative security measures implemented when an organization cannot meet a standard security control due to specific constraints, and still needs to maintain required security levels.
The documentation required to prove an organization is following standardized compliance requirements.