Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.
NIST SP 800-79-2 under ATO
The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. See authorization to operate (ATO).
Rationale: Term has been replaced by the term “authorization to operate (ATO)”.
CNSSI 4009-2015 under approval to operate (ATO)
NIST SP 800-16