U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

external information system (or component)

Definition(s):

  An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
Source(s):
CNSSI 4009-2015 from NIST SP 800-37 Rev. 1, NIST SP 800-53 Rev. 4
NIST SP 800-37 Rev. 1 [Superseded] under External Information System (or Component)
NIST SP 800-53 Rev. 4 [Superseded] under External Information System (or Component)

  A system or component of a system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
Source(s):
NIST SP 800-171 Rev. 2 under external system (or component)
NIST SP 800-172 under external system (or component)
NIST SP 800-171 Rev. 1 [Superseded] under external system (or component)

  A system or system element that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required controls or the assessment of control effectiveness.
Source(s):
NIST SP 800-37 Rev. 2 under external system (or component)

  A system or component of a system that is used by but is not a part of an organizational system and for which the organization has no direct control over the implementation of required security and privacy controls or the assessment of control effectiveness.
Source(s):
NIST SP 800-53 Rev. 5 under external system (or component)