U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Authorizing Official (AO)

Definition(s):

  Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.
Source(s):
FIPS 200 under AUTHORIZING OFFICIAL
NIST SP 800-60 Vol. 2 Rev. 1 under Authorizing Official from FIPS 200, NIST SP 800-37
NIST SP 800-60 Vol. 1 Rev. 1 under Authorizing Official from FIPS 200, NIST SP 800-37

  A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
CNSSI 4009-2015 under authorizing official from NIST SP 800-37 Rev. 1, NIST SP 800-53 Rev. 4
NIST SP 800-128 under Authorizing Official from CNSSI 4009
NIST SP 800-37 Rev. 1 under Authorizing Official
NIST SP 800-53 Rev. 4 under Authorizing Official
NIST SP 800-53A Rev. 4 under Authorizing Official from NIST SP 800-37
NIST SP 800-137 from CNSSI 4009

  Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-161 from CNSSI 4009
NISTIR 7622 under Authorizing Official from CNSSI 4009-2010

  Senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-30 Rev. 1 under Authorizing Official from CNSSI 4009
NIST SP 800-39 under Authorizing Official from CNSSI 4009

  Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
Source(s):
NIST SP 800-18 Rev. 1 under Authorizing Official from NIST SP 800-37

  A senior (federal) official or executive with the authority to formally assume responsibility for operating a system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-12 Rev. 1 from NIST SP 800-37 Rev. 1

  A senior Federal official or executive with the authority to authorize (i.e., assume responsibility for) operation of an information system or the use of a designated set of common controls at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-128 under authorizing official from OMB Circular A-130

  See Authorizing Official.
Source(s):
NIST SP 800-18 Rev. 1 under Accrediting Authority
NIST SP 800-60 Vol. 1 Rev. 1 under Accrediting Authority
NIST SP 800-60 Vol. 2 Rev. 1 under Accrediting Authority

  A senior Federal official or executive with the authority to authorize (i.e., assume responsibility for) the operation of an information system or the use of a designated set of common controls at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation.
Source(s):
NIST SP 800-37 Rev. 2 under authorizing official
NIST SP 800-53 Rev. 5 under authorizing official from OMB Circular A-130 (2016)
NIST SP 800-53B under authorizing official from OMB Circular A-130 (2016)