Individual, or (system) process acting on behalf of an individual, authorized to access an information system.
[Note: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.]
Source(s):
NIST SP 800-128
under Information System User
CNSSI 4009