The hardware, software, or firmware of the system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.
Sources:
NIST SP 800-171r3
NIST SP 800-172
NIST SP 800-172A
NIST SP 800-53 Rev. 5
NIST SP 800-53B