Individual, or (system) process acting on behalf of an individual, authorized to access a system.
Source(s):
NIST SP 800-37 Rev. 2
NIST SP 800-171 Rev. 2
An individual or (system) process acting on behalf of an individual that is authorized to access information and information systems to perform assigned duties.
Note: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.
Source(s):
NIST SP 800-128