U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security authorization (to operate)

Abbreviation(s) and Synonym(s):

Authorization (to operate)

Definition(s):

  The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Source(s):
CNSSI 4009-2015 under authorization to operate (ATO) from NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 1, NIST SP 800-37 Rev. 1
NIST SP 800-137 under Authorization (to operate) from CNSSI 4009
NIST SP 800-161 under Authorization (to operate) from NIST SP 800-53 Rev. 4
NIST SP 800-30 Rev. 1 under Authorization (to operate) from CNSSI 4009
NIST SP 800-37 Rev. 1 [Superseded] under Authorization (to operate)
NIST SP 800-53 Rev. 4 [Superseded] under Authorization (to operate)

  See authorization to operate (ATO).
Source(s):
CNSSI 4009-2015 from NIST SP 800-37 Rev. 1

  See Authorization (to operate).
Source(s):
NIST SP 800-30 Rev. 1 under Security Authorization (to Operate)
NIST SP 800-39 under Security Authorization(to Operate)

  The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls and privacy controls.
Source(s):
NIST SP 800-53A Rev. 4 under Authorization (to operate) from NIST SP 800-37 - Adapted