U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

accreditation

Abbreviation(s) and Synonym(s):

Authorize Processing

Definition(s):

  The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Source(s):
FIPS 200 under ACCREDITATION
NIST SP 800-18 Rev. 1 under Accreditation from NIST SP 800-37
NIST SP 800-60 Vol. 1 Rev. 1 under Accreditation from FIPS 200, NIST SP 800-37
NIST SP 800-82 Rev. 2 under Accreditation from NIST SP 800-53

  Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. See authorization to operate (ATO). Rationale: The Risk Management Framework uses a new term to refer to this concept, and it is called authorization.
Source(s):
CNSSI 4009-2015 under accreditation

  1. Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. Synonymous with Security Perimeter.
Source(s):
CNSSI 4009-2015 under accreditation boundary

  2. For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system. See authorization boundary. Rationale: The Risk Management Framework uses a new term to refer to the concept of accreditation, and it is called authorization. Extrapolating, the accreditation boundary would then be referred to as the authorization boundary.
Source(s):
CNSSI 4009-2015 under accreditation boundary

  also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)
Source(s):
NIST SP 800-16 under Accreditation

  See Accreditation.
Source(s):
NIST SP 800-18 Rev. 1 under Authorize Processing

  Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Source(s):
NIST SP 800-32 under Accreditation

  See authorization.
Source(s):
CNSSI 4009-2015 under authorize processing from NIST SP 800-53 Rev. 4, NIST SP 800-37 Rev. 1
NIST SP 800-37 Rev. 1 under Authorize Processing
NIST SP 800-53 Rev. 4 under Authorize Processing