All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.

Source: NIST SP 800-137 | Category: