A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-30 Rev. 1 under Compensating Security Control from CNSSI 4009
NIST SP 800-39 under Compensating Security Control from CNSSI 4009

  The security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.
Source(s):
CNSSI 4009-2015 from NIST SP 800-53 Rev. 4 - Adapted
NIST SP 800-53 Rev. 4 [Superseded] under Compensating Security Controls from CNSSI 4009 - Adapted
NIST SP 800-53A Rev. 4 [Superseded] under Compensating Security Controls from NIST SP 800-53

  The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST SP 800-53, that provide equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-18 Rev. 1 under Compensating Security Controls

  The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.
Source(s):
NIST SP 800-137 under Compensating Security Controls from NISTIR 7298
NIST SP 800-37 Rev. 1 [Superseded] under Compensating Security Controls