U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

authorize processing

Abbreviation(s) and Synonym(s):

Accreditation
authorization
Authorization

Definition(s):

  The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Source(s):
NIST SP 800-18 Rev. 1 under Accreditation from NIST SP 800-37
NIST SP 800-60 Vol. 1 Rev. 1 under Accreditation from FIPS 200, NIST SP 800-37
NIST SP 800-82 Rev. 2 under Accreditation from NIST SP 800-53

  The right or a permission that is granted to a system entity to access a system resource.
Source(s):
NIST SP 800-82 Rev. 2 under Authorization from RFC 4949
NIST SP 1800-27C under Authorization from NIST SP 800-82 Rev. 2

  Access privileges granted to a user, program, or process or the act of granting those privileges.
Source(s):
CNSSI 4009-2015 under authorization
NIST SP 800-53 Rev. 5 under authorization from CNSSI 4009-2015

  The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Also known as authorization to operate.
Source(s):
NIST SP 800-12 Rev. 1 under Authorization

  The process that takes place after authentication is complete to determine which resources/services are available to a WiMAX device.
Source(s):
NIST SP 800-127 [Withdrawn] under Authorization

  The process of verifying that a requested action or service is approved for a specific entity.
Source(s):
NIST SP 800-152 under Authorization

  also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)
Source(s):
NIST SP 800-16 under Accreditation

  See Accreditation.
Source(s):
NIST SP 800-18 Rev. 1 under Authorize Processing

  The granting or denying of access rights to a user, program, or process.
Source(s):
NIST SP 800-33 [Withdrawn] under authorization
NISTIR 7316 under Authorization
NIST SP 800-27 Rev. A [Withdrawn] under authorization

  Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Source(s):
NIST SP 800-32 under Accreditation

  Access privileges that are granted to an entity; conveying an “official” sanction to perform a security function or activity.
Source(s):
NIST SP 800-57 Part 1 Rev. 4 [Superseded] under Authorization
NIST SP 800-57 Part 1 Rev. 3 [Superseded] under Authorization

  Access privileges granted to an entity; conveys an “official” sanction to perform a security function or activity.
Source(s):
NIST SP 800-57 Part 2 [Superseded] under Authorization

  Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.
Source(s):
NIST SP 800-57 Part 2 Rev.1 under Authorization

  The process of verifying that a requested action or service is approved for a speciic entity.
Source(s):
NIST SP 800-57 Part 2 Rev.1 under Authorization

  See authorization.
Source(s):
CNSSI 4009-2015 from NIST SP 800-53 Rev. 4, NIST SP 800-37 Rev. 1
NIST SP 800-37 Rev. 1 under Authorize Processing
NIST SP 800-53 Rev. 4 under Authorize Processing

  Access privileges that are granted to an entity that convey an “official” sanction to perform a security function or activity.
Source(s):
NIST SP 800-57 Part 1 Rev. 5 under Authorization

  The process of initially establishing access privileges of an individual and subse­quently verifying the acceptability of a request for access.
Source(s):
NISTIR 4734 under Authorization