A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.
Source(s):
NIST SP 800-137
under Security Control Inheritance
CNSSI 4009
NIST SP 800-30 Rev. 1
under Security Control Inheritance
CNSSI 4009
NIST SP 800-37 Rev. 1
under Security Control Inheritance
NIST SP 800-39
under Security Control Inheritance
CNSSI 4009
NIST SP 800-53 Rev. 4
under Security Control Inheritance
CNSSI 4009
NIST SP 800-53A Rev. 4
under Security Control Inheritance
NISTIR 8170
under Security Control Inheritance
CNSSI 4009
A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.
Source(s):
CNSSI 4009-2015
NIST SP 800-53A Rev. 1
See security control inheritance.
Source(s):
CNSSI 4009-2015
under inheritance
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
