Accreditation (Dictionary Entry)
Accreditation
Alternative Forms
Security Accreditation
Security Accreditation Phase
Definitions
Definition 1
An administrative action by which a designated authority declares that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards.
Related Terms
Certification
Quotes
The Security Accreditation Phase consists of two tasks: (i) security accreditation decision; and (ii) security accreditation documentation. The purpose of this phase is to determine if the remaining known vulnerabilities in the information system (after the implementation of an agreed-upon set of security controls) pose an acceptable level of risk to agency operations, agency assets, or individuals. Upon successful completion of this phase, the information system owner will have: (i) authorization to operate the information system; (ii) an interim authorization to operate the information system under specific terms and conditions; or (iii) denial of authorization to operate the information system.
(…)
Completing a security accreditation ensures that an information system will be operated with appropriate management review, that there is ongoing monitoring of security controls, and that reaccreditation occurs periodically in accordance with federal or agency policy and whenever there is a significant change to the system or its operational environment.
(NIST SP 800-37, 2004, p. 2)
$ accreditation
(N) An administrative action by which a designated authority declares that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. [FP102, SP37] (See: certification.)
Tutorial: An accreditation is usually based on a technical certification of the system’s security mechanisms. To accredit a system, the approving authority must determine that any residual risk is an acceptable risk. Although the terms "certification" and "accreditation" are used more in the U.S. DoD and other U.S. Government agencies than in commercial organizations, the concepts apply any place where managers are required to deal with and accept responsibility for security risks. For example, the American Bar Association is developing accreditation criteria for CAs.
(RFC 4949, 2007, p. 13)
Bibliography
See Also
- Accreditation (Dictionary Entry) (Dictionary)
- NIST SP 800-37, 2004 (Bibliography)
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.