Definitions[]
U.S. government[]
An authorizing official (AO) (also called an accreditation authority) is an
“ | [o]fficial with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.[1] | ” |
“ | [t]he key stakeholder with the responsibility and authority to determine that the system delivered by the engineering effort meets its requirements and may be offered for use.[2] | ” |
References[]
- ↑ NIST Special Publication 800-60, Vol. I, Rev. 1, at A-1; FIPS 200, NIST Special Publication 800-37.
- ↑ NIST Special Publication 800-160, at B-3.