Any organization or individual providing services which may include authorized access to an ICT or OT system.
Sources:
NIST SP 800-161r1-upd1
[11/1/2024 errata update]