The IT Law Wiki

External information system


Definition

An external information system is

an information system or component of an information system that is outside of the authorization boundary established by a government organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.[1]

Overview

NIST Special Publication 800-37 and NIST Special Publication 800-53 provide additional guidance on external information systems and the effect of employing security controls in those types of environments.

References

  1. NIST Special Publication 800-53, App. B, Glossary. Note: The term external should not be interpreted as or equated to meaning physically external. A distributed system will have elements that are physically/geographically distributed while being logically within the same authorization boundary. NIST Special Publication 800-160, at B-5.
