A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service.
Source(s):
CNSSI 4009-2015