The right or a permission that is granted to a system entity to access a system resource.
Sources:
NIST SP 1800-10B
under Authorization
from
NIST SP 800-82r3
NIST SP 1800-27C
under Authorization
from
NIST SP 800-82r3
Access privileges granted to a user, program, or process or the act of granting those privileges.
Sources:
CNSSI 4009-2015
NIST SP 800-160 Vol. 2 Rev. 1
from
CNSSI 4009-2015
NIST SP 800-53 Rev. 5
from
CNSSI 4009-2015
NIST SP 800-53A Rev. 5
from
CNSSI 4009-2015
The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Also known as authorization to operate.
Sources:
NIST SP 800-12 Rev. 1
under Authorization
The process of verifying that a requested action or service is approved for a specific entity.
Sources:
NIST SP 800-152
under Authorization
NIST SP 800-57 Part 2 Rev.1
under Authorization
See Accreditation.
Sources:
NIST SP 800-18 Rev. 1
under Authorize Processing
Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.
Sources:
NIST SP 800-57 Part 2 Rev.1
under Authorization
See authorization.
Sources:
CNSSI 4009-2015
under authorize processing
NIST SP 800-137
under Security Authorization
Access privileges that are granted to an entity that convey an “official” sanction to perform a security function or activity.
Sources:
NIST SP 800-57 Part 1 Rev. 5
under Authorization
The process of granting or denying specific requests for obtaining and using information and related information processing services; and to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).
Sources:
NIST SP 800-53 Rev. 5
under access control
The decision to permit or deny a subject access to system objects (network, data, application, service, etc.)
Sources:
NIST SP 800-162
under access control
The official management decision of the Designated Authorizing Official to permit operation of an issuer after determining that the issuer’s reliability has satisfactorily been established through appropriate assessment processes.
Sources:
NIST SP 800-79-2
under Authorization
The right or a permission that is granted to a system entity to access a system resource.
Sources:
NIST SP 800-82r3
from
RFC 4949 - adapted
The official management decision given by a senior organizational official to authorize the operation of an information system and to explicitly accept the risk to organizational operations and assets, individuals, other organizations, and the Nation, based on the implementation of an agreed-upon set of security controls.
Sources:
NIST SP 800-175A
The granting or denying of access rights to a user, program, or process.
Sources:
NISTIR 7316
under Authorization
The process of initially establishing access privileges of an individual and subsequently verifying the acceptability of a request for access.
Sources:
NISTIR 4734
under Authorization