Organizational System(s) (Glossary)

The term organizational system is used in many of the CUI security requirements in NIST Special Publication 800-171.  This term has a specific meaning regarding the scope of applicability for the CUI security requirements.  The requirements apply only to components of nonfederal systems that process, store, or transmit CUI, or that provide security protection for such components.  The appropriate scoping for the security requirements is an important factor in determining protection-related investment decisions and managing security risk for nonfederal organizations that have the responsibility of safeguarding CUI.