NIST 800-53 REV 5 • CONTINGENCY PLANNING
CP-10(3) — Compensating Security Controls
Addressed through tailoring.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
This enhancement was incorporated into SI-13. It previously addressed implementing compensating security controls when primary controls are unavailable during recovery.
Example 1: Document alternative security measures to use during recovery — for example, if your SIEM is down, have staff manually review firewall logs until monitoring is restored.
Example 2: If your primary MFA system is unavailable during recovery, define approved compensating controls, such as temporary IP restrictions and enhanced password requirements.