The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).
Sources:
CNSSI 4009-2015
The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common.
The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).
Sources:
NIST SP 800-137
under Allocation
The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common.
Sources:
CNSSI 4009-2015
The process an organization employs to assign security or privacy requirements to an information system or its environment of operation; or to assign controls to specific system elements responsible for providing a security or privacy capability (e.g., router, server, remote sensor).
Sources:
NIST SP 800-37 Rev. 2