The IT Law Wiki

Accreditation

Definitions

Computer security

Accreditation is

  • the authorization and approval, granted by a designated authority to a data processing system, computer network, organization, or individual, to process sensitive information or data.[1]
  • [t]he official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.[2]
  • [t]he formal certification by a Cognizant Security Authority that a facility, designated area, or information system has met Director of National Intelligence (DNI) security standards for handling, processing, discussing, disseminating or storing Sensitive Compartmented Information.[3]

Critical infrastructure

Accreditation is

[a] program that ensures that Federal (including DHS), State, and local government entities have a clear understanding of, and are monitored in, their handling, use, dissemination and safeguarding of Protected Critical Infrastructure Information (PCII). The PCII accreditation program:
  • Prescribes adequate safeguarding measures and minimum requirements,
  • Ensures that PCII is handled and disseminated in accordance with the CII Act, the Regulation, and this Manual, and
  • Educates and trains PCII users in the proper handling, use, dissemination, and safeguarding of PCII.[4]

Information technology

Accreditation is "a formal authorization by management for the system to process information."[5]

Accreditation is

the official management authorization to operate an AIS or network: (1) in a particular security mode; (2) with a prescribed set of administrative, environmental, and technical security safeguards; (3) against a defined threat and with stated vulnerabilities and countermeasures; (4) in a given operational environment; (5) under a stated operational concept; (6) with stated interconnections to other AISs or networks; and (7) at an acceptable level of risk for which the accrediting authority has formally assumed responsibility.[6]

References

  1. Telecom Glossary 2007.
  2. NIST Special Publication 800-53; NIST, FIPS 200.
  3. Intelligence Community Standard 700-01, at 2.
  4. Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-1.
  5. Information Management: Challenges in Implementing an Electronic Records Archive, at 12.
  6. Security Policy for Uniform Protection of Intelligence Processed in Automated Information Systems and Networks, at §3.a.
