The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
- Browse Related Terms: Accreditation, Accrediting Authority, authorization, Authorize Processing, Authorizing Official, Certification and Accreditation (C&A), Cyber warriors, Identity, Risk, Risk Assessment, Security Accreditation, Security Authorization
In computer security, the authorization and approval--granted by a designated authority to a data processing system, computer network, organization, or individual--to process sensitive information or data. [2382-pt.8] 2. Formal declaration by a designated approving authority that an information system (IS) is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. [INFOSEC-99]
Also listed in: