Computer Security Resource Center

Glossary

Authorization (to operate)

Acronym(s):

None

Definition(s):

  The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Source(s): NIST SP 800-137 (CNSSI 4009)
NIST SP 800-161 (NIST SP 800-53 Rev. 4)
NIST SP 800-37 Rev. 1
NIST SP 800-53 Rev. 4
NIST SP 800-30 (CNSSI 4009)
NIST SP 800-39
CNSSI 4009-2015 (NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 1, NIST SP 800-37 Rev. 1)

  The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls and privacy controls.
Source(s): NIST SP 800-53A Rev. 4 (Adapted from NIST SP 800-37)

Synonym(s):
Authorization To Operate
  One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.
Source(s): NIST SP 800-79-2