How Can We Help?
The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common.
The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).
SOURCE: SP 800-37