To give assurance that someone or something is what it
represents or appears to be.
DRAE. Diccionario de la Lengua Española.
Officially authorised for a Role. For example,
an accredited organization could be authorised to deliver courses or to
conduct an Audit. [ITIL:2007]
Authorization granted by the authority responsible
for accreditation to handle national classified information up to a
given level, or under given conditions of integrity or
availability, in accordance with its concept of operation.
Authority responsible for granting authorization to a
System to handle classified information up to a given level, or under
given conditions of integrity or availability, in accordance with its
concept of operation.
1. Action of empowering an information system or
network to process sensitive data, determining the degree to which
the design and implementation of that system meet the pre-established
technical security requirements.
2. Process of recognizing the technical competence and
impartiality of a body charged with carrying out evaluations. [CCN-STIC-101:2005]
[CESID:1997]
1. Process of recognizing the technical competence
and impartiality of an evaluation laboratory to carry out the
tasks that correspond to it (ITSEC).
2. Process of accepting a system or product
for use in a particular environment with specific threats. [Ribagorda:1997]
Official approval given by
an organization stating that sb/sth has achieved a required standard.
Oxford Advanced Learner's Dictionary.
Formal declaration by a
Designated Accrediting Authority (DAA) or Principal Accrediting Authority (PAA)
that an information system is approved to operate at an acceptable level of
risk, based on the implementation of an approved set of technical, managerial,
and procedural safeguards. See authorization. [CNSSI_4009:2010]
in the context of this
document: formal declaration by a designated approving authority that a system
is approved to operate in a particular security mode using a prescribed set of
safeguards.
NOTE. This definition is
generally accepted within the security community; within ISO the more generally
used definition is: Procedure by which an authoritative body gives formal
recognition that a body or person is competent to carry out specific tasks
[ISO/IEC Guide 2].
[ISO-21827:2007]
(N) An administrative action
by which a designated authority declares that an information system is approved
to operate in a particular security configuration with a prescribed set of
safeguards. [FP102, SP37]
(See: certification.) [RFC4949:2007]
Officially authorised to
carry out a Role. For example an Accredited body may be authorised to provide
training or to conduct Audits. [ITIL:2007]
The official management
decision given by a senior agency official to authorize operation of an
information system and to explicitly accept the risk to agency operations
(including mission, functions, image, or reputation), agency assets, or
individuals, based on the implementation of an agreed-upon set of security
controls. [NIST-SP800-53:2013] [FIPS-200:2006] [NIST-SP800-37:2004]
Security accreditation is
the official management decision given by a senior agency official to authorize
operation of an information system and to explicitly accept the risk to agency
operations, agency assets, or individuals based on the implementation of an
agreed-upon set of security controls. By accrediting an information system, an
agency official accepts responsibility for the security of the system and is
fully accountable for any adverse impacts to the agency if a breach of security
occurs. Thus, responsibility and accountability are core principles that
characterize security accreditation. [NIST-SP800-100:2006]
has two definitions according
to circumstances:
· the procedure for accepting an IT system for use within a particular environment;
· the procedure for recognising both the technical competence and the impartiality of
a test laboratory to carry out its associated tasks.
[ITSEC:1991]
The official authorisation
that is granted to an Automatic Data Processing (ADP) system to process
sensitive information in its operational environment, based upon comprehensive
security evaluation of the system's hardware, firmware, and software security
design, configuration, and implementation and of the other system procedural,
administrative, physical, TEMPEST, personnel, and communications security
controls. [TCSEC:1985]
The written formal
management decision to approve and authorize an organization to operate a
classified information system (IS) to process, store, transfer, or provide
access to classified information.
http://www.hr.lanl.gov/scourses/9369/76.htm
Officially authorised
to take on a Role. For example, an accredited person or an
accredited body may be authorised to provide training or to carry out
Audits. [ITIL:2007]