U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

accreditation

Abbreviation(s) and Synonym(s):

authorization to operate
Authorize Processing

Definition(s):

  The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Source(s):
FIPS 200 under ACCREDITATION
NIST SP 800-18 Rev. 1 under Accreditation
NIST SP 800-60 Vol. 1 Rev. 1 under Accreditation from FIPS 200
NIST SP 800-82 Rev. 2 under Accreditation

  also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)
Source(s):
NIST SP 800-16 under Accreditation

  See Accreditation.
Source(s):
NIST SP 800-18 Rev. 1 under Authorize Processing

  The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.
Source(s):
NIST SP 800-161r1 under authorization to operate from NIST SP 800-53 Rev. 5
NIST SP 800-37 Rev. 2 under authorization to operate from OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 5 under authorization to operate from OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5 under authorization to operate from OMB Circular A-130 (2016)

  See authorization.
Source(s):
CNSSI 4009-2015 under authorize processing

  Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.
Source(s):
CNSSI 4009-2015

  The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Source(s):
CNSSI 4009-2015 under authorization to operate