Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center


A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z  |  Symbols





  The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Source(s): FIPS 200
NIST SP 800-18 Rev. 1 (NIST SP 800-37)
NIST SP 800-82 Rev. 2 (NIST SP 800-53)

  Also known as authorize processing (OMB Circular A-130, Appendix III), and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.).
Source(s): NIST SP 800-16

  Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Source(s): NIST SP 800-32

Authorize Processing
  See authorization.
Source(s): CNSSI 4009-2015
Approval To Operate
See Also: