U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

external information system (or component)

Definition(s):

  An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
Source(s):
CNSSI 4009-2015 from NIST SP 800-37 Rev. 1, NIST SP 800-53 Rev. 4
NIST SP 800-37 Rev. 1 [Superseded] under External Information System (or Component)
NIST SP 800-53 Rev. 4 [Superseded] under External Information System (or Component)

  A system or component of a system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
Source(s):
NIST SP 800-171 Rev. 2 under external system (or component)
NIST SP 800-172 under external system (or component)
NIST SP 800-171 Rev. 1 [Superseded] under external system (or component)

  A system or system element that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required controls or the assessment of control effectiveness.
Source(s):
NIST SP 800-37 Rev. 2 under external system (or component)

  A system or component of a system that is used by but is not a part of an organizational system and for which the organization has no direct control over the implementation of required security and privacy controls or the assessment of control effectiveness.
Source(s):
NIST SP 800-53 Rev. 5 under external system (or component)