Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

accreditation

Abbreviation(s) and Synonym(s):

authorize processing
Authorize Processing

Definition(s):

  See Authorization.
Source(s): NIST SP 800-37 Rev. 1 under Authorize Processing

  The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Source(s): FIPS 200 under ACCREDITATION
NIST SP 800-18 Rev. 1 under Accreditation
NIST SP 800-60 Vol. 1 Rev. 1 under Accreditation
NIST SP 800-82 Rev. 2 under Accreditation

  See Authorization.
Source(s): NIST SP 800-53 Rev. 4 under Authorize Processing

  Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. See authorization to operate (ATO). Rationale: The Risk Management Framework uses a new term to refer to this concept, and it is called authorization.
Source(s): CNSSI 4009-2015 under accreditation

  1. Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. Synonymous with Security Perimeter.
Source(s): CNSSI 4009-2015 under accreditation boundary

  2. For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system. See authorization boundary. Rationale: The Risk Management Framework uses a new term to refer to the concept of accreditation, and it is called authorization. Extrapolating, the accreditation boundary would then be referred to as the authorization boundary.
Source(s): CNSSI 4009-2015 under accreditation boundary

  See authorization.
Source(s): CNSSI 4009-2015 under authorize processing

  also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)
Source(s): NIST SP 800-16 under Accreditation

  Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Source(s): NIST SP 800-32 under Accreditation

  See Accreditation.
Source(s): NIST SP 800-18 Rev. 1 under Authorize Processing