Authorization

The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).

See CNSSI 4009-2015 under access control for more information.

The right or a permission that is granted to a system entity to access a system resource.

See the following for more information:

NIST SP 1800-10B under Authorization from NIST SP 800-82 Rev. 2

NIST SP 1800-27C under Authorization from NIST SP 800-82 Rev. 2

NIST SP 800-82 Rev. 2 under Authorization from RFC 4949

Access privileges granted to a user, program, or process or the act of granting those privileges.

See the following for more information:

CNSSI 4009-2015

NIST SP 800-160 Vol. 2 Rev. 1 from CNSSI 4009-2015

NIST SP 800-53 Rev. 5 from CNSSI 4009-2015

NIST SP 800-53A Rev. 5 from CNSSI 4009-2015

The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Also known as authorization to operate.

See NIST SP 800-12 Rev. 1 under Authorization for more information.

The process of verifying that a requested action or service is approved for a specific entity.

See the following for more information:

NIST SP 800-152 under Authorization

NIST SP 800-57 Part 2 Rev.1 under Authorization

See Accreditation.

See NIST SP 800-18 Rev. 1 under Authorize Processing for more information.

Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.

See the following for more information:

NIST SP 800-57 Part 2 Rev.1 under Authorization

NIST SP 800-57 Part 1 Rev. 5 under Authorization

See authorization.

See the following for more information:

CNSSI 4009-2015 under authorize processing

NIST SP 800-137 under Security Authorization

The decision to permit or deny a subject access to system objects (network, data, application, service, etc.)

See NIST SP 800-162 under access control for more information.

Share this Post