Term:Authorization

CNSSI 4009

Authorization - Access privileges granted to a user, program, or process.

GAO-09-232G

Authorization - The official management decision given by a senior agency/entity official to authorize operation of an information system and to explicitly accept the risk to agency/entity operations (including mission, functions, image, or reputation), agency/entity assets, or individuals, based on the implementation of an agreedupon set of security controls.

NIST IR 7298

Authorization - The official management decision given by a [[Term:senior agency official | senior agency official]] to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. SOURCE: SP 800-37

NIST SP 800-103 Draft

Authorization - Permission to perform some action.

NIST SP 800-116

Authorization - In this publication, a process that associates permission to access a resource or asset with a person and the person's identifier(s).

NIST SP 800-120

Authorization - A procedure to verify whether an entity is eligible to access a requested network or service.

NIST SP 800-127 Draft

Authorization - The process that takes place after authentication is complete to determine which resources/services are available to a WiMAX device.

NIST SP 800-27rA

Authorization - The granting or denying of access rights to a user, program, or process.

NIST SP 800-33

Authorization - The granting or denying of access rights to a user, program, or process.

NIST SP 800-37

Authorization - See Accreditation.

NIST SP 800-53r3

Authorization (to operate)- The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.

NIST SP 800-57P1

Authorization - Access privileges that are granted to an entity; conveying an "official" sanction to perform a security function or activity.

NIST SP 800-57P2

Authorization - Access privileges granted to an entity; conveys an "official" sanction to perform a security function or activity.

NIST SP 800-82 Final Draft

Authorization - The right or a permission that is granted to a system entity to access a system resource. [RFC 2828, Internet Security Glossary, May 2000, http://rfc.net/rfc2828.html.]