See authorization to operate (ATO).
Sources:
CNSSI 4009-2015
See Authorization (to operate).
Sources:
NIST SP 800-30 Rev. 1
under Security Authorization (to Operate)
NIST SP 800-39
under Security Authorization(to Operate)
Official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.
Sources:
NIST SP 800-161r1-upd1
[11/1/2024 errata update]
under authorization to operate
from
NIST SP 800-53 Rev. 5
NIST SP 800-37 Rev. 2
under authorization to operate
from
OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 5
under authorization to operate
from
OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5
under authorization to operate
from
OMB Circular A-130 (2016)
The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Sources:
CNSSI 4009-2015
under authorization to operate