Ver:
Decisión formal
de la autoridad por la que se autoriza la entrada en producción de un sistema
de información, aceptando el riesgo residual al que esté expuesta.
The official management
decision given by a senior organizational official to authorize operation of an
information system and to explicitly accept the risk to organizational
operations (including mission, functions, image, or reputation), organizational
assets, individuals, other organizations, and the Nation based on the implementation
of an agreed-upon set of security controls. [NIST-SP800-53:2013]
All components of an
information system to be authorized for operation by an authorizing official
and excludes separately authorized systems, to which the information system is
connected. [NIST-SP800-53:2013]
A senior (federal) official
or executive with the authority to formally assume responsibility for operating
an information system at an acceptable level of risk to organizational
operations (including mission, functions, image, or reputation), organizational
assets, individuals, other organizations, and the Nation. [NIST-SP800-53:2013]
The official management
decision issued by a DAA or PAA to authorize operation of an information system
and to explicitly accept the residual risk to agency operations (including
mission, functions, image, or reputation), agency assets, or individuals. See
authorization to operate. [CNSSI_4009:2010]
The official management
decision given by a senior organizational official to authorize operation of an
information system and to explicitly accept the risk to organizational
operations (including mission, functions, image, or reputation), organizational
assets, individuals, other organizations, and the Nation based on the
implementation of an agreed-upon set of security controls. [CNSSI_4009:2010]
Temporary authorization
granted by a DAA for an information system to process information based on
preliminary results of a security evaluation of the system. (To be replaced by
ATO and POA&M) [CNSSI_4009:2010]