Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

Compensating Controls

Also referred to as alternative controls, compensating controls are security and privacy controls that an organization implements in lieu of a baseline control prescribed by NIST Special Publication 800-53, in order to mitigate the same risks and achieve the same security objectives as the primary control. They are typically used to reduce the impact of security breaches or data loss when standard controls are not functioning as intended, or when a primary control cannot be implemented because of technical or operational limitations. Compensating controls should be properly documented and regularly reviewed to confirm that they remain effective.
