DFIR Blog

Compensating Control

2/23/2018

 
Compensating controls may be considered when an entity cannot meet a PCI DSS requirement due to legitimate technical or documented business constraints.

A compensating control must satisfy the following:
1) Meet the intent and rigor of the original requirement.
2) Provide a similar level of defence as the original requirement.
3) Be "above and beyond" other PCI DSS requirements.

What is "above and beyond"?
- Existing PCI DSS requirements CANNOT be considered as compensating controls if they are already required for the item under review.

- Existing PCI DSS requirements MAY be considered as compensating controls if they are required for another area, but not required for the item under review.

- Existing PCI DSS requirements may be combined with new controls to become a compensating control.

Compensating Control Worksheet:
1) Constraints
2) Objective
3) Identified Risk
4) Definition of Compensating Controls
5) Validation of Compensating Controls
6) Maintenance




A. Be "above and beyond" other PCI DSS requirements (i.e., not simply in compliance with other requirements)
B. Sufficiently offset the risk that the original PCI DSS requirement was designed to defend against
C. Meet the intent and rigor of the original PCI requirement
D. Be commensurate with additional risk imposed by not adhering to original requirement
