security control inheritance

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Abbreviations / Acronyms / Synonyms:

inheritance

CNSSI 4009-2015

Definitions:

  A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.
Sources:
NIST SP 800-137 under Security Control Inheritance from CNSSI 4009
NIST SP 800-30 Rev. 1 under Security Control Inheritance from CNSSI 4009
NIST SP 800-39 under Security Control Inheritance from CNSSI 4009
NISTIR 8170 under Security Control Inheritance from CNSSI 4009

  A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.
Sources:
CNSSI 4009-2015

  See security control inheritance.
Sources:
CNSSI 4009-2015 under inheritance

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.