Compensating controls are security measures that are put in place to satisfy the requirement for a security standard when the existing control cannot be applied. These alternative measures provide comparable or equivalent protection when standard controls cannot be implemented due to various constraints. For example, if a system cannot be patched due to compatibility issues, a compensating control might be to implement additional network security monitoring around that system. Understanding compensating controls is important because it allows security professionals to maintain an acceptable level of risk even when primary controls are not feasible.