What must be true about compensating controls when used?

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

What must be true about compensating controls when used?

Explanation:
Compensating controls are alternative measures you put in place when you cannot meet a PCI DSS requirement, and they must be documented in the ROC so there is formal justification, testing, and approval for their use. They must demonstrate they achieve the same security objective as the original control, not simply be added arbitrarily. They are not optional, nor do they replace all other controls; they’re specific accommodations that require evidence and validation within the assessment.

