This is a potential security issue, you are being redirected to https://csrc.nist.gov.
A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.
CNSSI 4009-2015 under security control inheritance
See security control inheritance.