A component which is or contains information and communications technology (ICT), including hardware, software, and firmware, whether custom, commercial, or otherwise developed, and which delivers or protects mission critical functionality of a system or which, because of the system’s design, may introduce vulnerability to the mission critical functions of an applicable system.
Sources:
CNSSI 4009-2015
from
DoDI 5200.44
A system element that, if compromised, damaged, or failed, could cause a mission or business failure.
Sources:
NISTIR 7622
under Critical Component