This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST SP 800-16
Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.
NIST SP 800-79-2 under ATO
The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. See authorization to operate (ATO). Rationale: Term has been replaced by the term “authorization to operate (ATO)”.
[Superseded] under approval to operate (ATO)