The security-related features, functions, mechanisms, services, procedures, and architectures implemented within organizational information systems or the environments in which those systems operate.
Sources:
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5
NIST SP 800-53B