A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.
Sources:
NIST SP 800-137
under Security Control Inheritance
from
CNSSI 4009
NIST SP 800-30 Rev. 1
under Security Control Inheritance
from
CNSSI 4009
NIST SP 800-39
under Security Control Inheritance
from
CNSSI 4009
NISTIR 8170
under Security Control Inheritance
from
CNSSI 4009
A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.
Sources:
CNSSI 4009-2015
See security control inheritance.
Sources:
CNSSI 4009-2015
under inheritance