authority (C.F.D.)

Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.
Rationale: General definition of a commonly understood term.

authorization

Access privileges granted to a user, program, or process or the act of granting those privileges.

authorization boundary

All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.
Source: NIST SP 800-53 Rev 4; NIST SP 800-53A Rev 1; NIST SP 800-37 Rev 1

authorization package

See security authorization package.

authorization to operate (ATO)

The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Source: NIST SP 800-53 Rev 4; NIST SP 800-53A Rev 1; NIST SP 800-37 Rev 1

authorize processing

See authorization.
Source: NIST SP 800-53 Rev 4; NIST SP 800-37 Rev 1

authorized ID

The key management entity (KME) authorized to order against a traditional short title.
Source: CNSSI No. 4005 (COMSEC)

authorized user

Any appropriately cleared individual with a requirement to access an information system (IS) for performing or assisting in a lawful government purpose.
Source: DoDD 8570.01 (adapted)

authorized vendor

Manufacturer of information security (INFOSEC) equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors.
Source: NSA/CSS Manual Number 3-16 (COMSEC)

authorizing official

A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
Source: NIST SP 800-37 Rev 1; NIST SP 800-53 Rev 4

authorizing official designated representative

An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.
Source: NIST SP 800-37 Rev 1; DoDI 8510