Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.

Source: NIST SP 800-53 Rev. 4 | Category: