Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PCI Exam QSA_New_V4 Topic 5 Question 8 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 8
Topic #: 5
[All QSA_New_V4 Questions]

Which of the following is true regarding compensating controls?

Show Suggested Answer Hide Answer
Suggested Answer: B

Compensating Controls Definition and Purpose

A compensating control is an alternate measure that satisfies the intent of a specific PCI DSS requirement and provides an equivalent level of security.

The rationale and risk mitigation must be explicitly documented using the Compensating Control Worksheet (CCW).

Mandatory Documentation

PCI DSS v4.0 mandates the use of a CCW when implementing compensating controls. This applies regardless of acquirer approvals.

The CCW requires detailed documentation including:

Constraints preventing the original requirement from being implemented.

Justification for the compensating control.

Description of the control and evidence of its effectiveness.

Using Existing Requirements

If an existing PCI DSS requirement (e.g., Requirement 5 for antivirus) is already implemented and can mitigate the risks of not meeting another requirement, it may qualify as a compensating control.

Approval and Review Process

QSAs must validate the implementation, effectiveness, and appropriateness of compensating controls during the assessment process


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel