PREVIOUS

NEXT

accountability

1. The principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.
Source: NSA/CSS Manual Number 3-16 (COMSEC)
2. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Source: NIST SP 800-27 Rev A

accounting legend code (ALC)

A numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC material control system (CMCS).
Source: NSA/CSS Manual Number 3-16 (COMSEC)

accounting number

A number assigned to an individual item of COMSEC material to facilitate its handling and accounting.
Source: NSA/CSS Manual Number 3-16 (COMSEC)

accreditation (C.F.D.)

Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.
See authorization to operate (ATO).
Rationale: The Risk Management Framework uses a new term to refer to this concept, and it is called authorization.

accreditation boundary (C.F.D.)

1. Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. Synonymous with Security Perimeter.
2. For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system. See authorization boundary.
Rationale: The Risk Management Framework uses a new term to refer to the concept of accreditation, and it is called authorization. Extrapolating, the accreditation boundary would then be referred to as the authorization boundary.

accreditation package (C.F.D.)

Product comprised of a system security plan (SSP) and a report documenting the basis for the accreditation decision.
Rationale: The RMF uses a new term to refer to this concept, and it is called RMF security authorization package.