Compensating controls are security measures or practices that are put in place to satisfy the requirement of a primary control that cannot be implemented due to certain constraints (e.g., technical limitations, cost, complexity, or lack of resources). They serve as an alternative to the original control, effectively reducing risk in a similar way. Compensating controls should provide a similar level of protection as the original controls and are used when itβs impractical or impossible to implement the primary control directly. Learn more: https://en.wikipedia.org/wiki/Compensating_Controls