What does security control inheritance refer to?

Security control inheritance refers to receiving protection from external security controls, which often occur at an organizational level where certain security measures are implemented universally across a system or environment. This concept is particularly relevant in large organizations that have a central security framework in place.

When a system or a component of an information system inherits security controls, it means that it can utilize the established safeguards without the need to replicate them locally, thus promoting efficiency and reducing the burden of maintaining separate controls. For example, if an organization has specific security measures in place—like firewalls, access controls, or encryption standards—individual systems or applications within that organization can inherit these protections, enhancing their security posture without needing to implement those controls independently.

The other options describe concepts that do not align with the principle of security control inheritance. Creating new security protocols is more about developing new measures rather than inheriting existing ones. Assessing local security measures is focused on evaluation instead of the process of relying on external controls. Documentation of security breaches pertains to incident management rather than the inheritance of security controls.