A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service.
Sources:
CNSSI 4009-2015