Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Authorizing Official (AO)

Abbreviation(s) and Synonym(s):

Accrediting Authority
AO

Definition(s):

  Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.
Source(s):
FIPS 200 under AUTHORIZING OFFICIAL

  A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
CNSSI 4009-2015 under authorizing official (NIST SP 800-37 Rev. 1 - NIST SP 800-53 Rev 4)
NIST SP 800-128 under Authorizing Official (CNSSI 4009)
NIST SP 800-37 Rev. 1 under Authorizing Official
NIST SP 800-53 Rev. 4 under Authorizing Official
NIST SP 800-53A Rev. 4 under Authorizing Official (NIST SP 800-37)
NIST SP 800-137 (CNSSI 4009)

  Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
Source(s):
NIST SP 800-18 Rev. 1 under Authorizing Official (NIST SP 800-37)

  Senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-30 Rev. 1 under Authorizing Official (CNSSI 4009)
NIST SP 800-39 under Authorizing Official (CNSSI 4009)

  A senior (federal) official or executive with the authority to formally assume responsibility for operating a system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-12 Rev. 1 (NIST SP 800-37 Rev. 1)

  See Authorizing Official.
Source(s):
NIST SP 800-18 Rev. 1 under Accrediting Authority
NIST SP 800-60 Vol. 1 Rev. 1 under Accrediting Authority
NIST SP 800-60 Vol. 2 Rev. 1 under Accrediting Authority

  Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.
Source(s):
NIST SP 800-60 Vol. 1 Rev. 1 under Authorizing Official (FIPS 200, NIST SP 800-37)
NIST SP 800-60 Vol. 2 Rev. 1 under Authorizing Official (FIPS 200, NIST SP 800-37)

  Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-161 (CNSSI 4009)
NISTIR 7622 under Authorizing Official (CNSSI 4009-2010)