External Information System (or Component)

February 21, 2018

You are here:
< Back

An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
SOURCE: SP 800-37; SP 800-53; CNSSI-4009