Ver:
· Clave
Dar seguridad de que alguien o algo es lo que representa o parece.
DRAE. Diccionario
de la Lengua Española.
Autorizado oficialmente para un Rol. Por ejemplo, una organización acreditada podría estar autorizada para impartir cursos o para dirigir una Auditoría. [ITIL:2007]
Autorización otorgada por la autoridad responsable de la acreditación, para manejar información nacional clasificada hasta un grado determinado, o en unas determinadas condiciones de integridad o disponibilidad, con arreglo a su concepto de operación.
Autoridad responsable de conceder autorización a un Sistema para manejar información clasificada hasta un grado determinado, o en unas determinadas condiciones de integridad o disponibilidad, con arreglo a su concepto de operación.
1. Acción de facultar a un sistema o red de información para que procese datos sensibles, determinando el grado en el que el diseño y la materialización de dicho sistema cumple los requerimientos de seguridad técnica preestablecidos.
2. Proceso de reconocer la competencia técnica y la imparcialidad de un organismo encargado de efectuar evaluaciones. [CCN-STIC-101:2005] [CESID:1997]
1. Proceso de reconocimiento de la competencia técnica e imparcialidad de un laboratorio de evaluación para realizar las tareas que las corresponden (ITSEC).
2. Proceso de aceptación de un sistema o producto para su uso en un entorno particular con amenazas específicas. [Ribagorda:1997]
Official approval
given by an organization stating that sb/sth has achieved a required standard.
Oxford Advanced Learner's Dictionary.
Formal
declaration by a Designated Accrediting Authority (DAA) or Principal
Accrediting Authority (PAA) that an information system is approved to operate
at an acceptable level of risk, based on the implementation of an approved set
of technical, managerial, and procedural safeguards. See authorization.
[CNSSI_4009:2010]
in the context of
this document: formal declaration by a designated approving authority that a
system is approved to operate in a particular security mode using a prescribed
set of safeguards.
NOTE. This
definition is generally accepted within the security community; within ISO the
more generally used definition is: Procedure by which an authoritative body
gives formal recognition that a body or person is competent to carry out
specific tasks [ISO/IEC Guide 2].
[ISO-21827:2007]
(N) An administrative action by which a designated authority declares that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. [FP102, SP37]
(See: certification.) [RFC4949:2007]
Officially authorised to carry out a Role. For example an Accredited body may be authorised to provide training or to conduct Audits. [ITIL:2007]
The official
management decision given by a senior agency official to authorize operation of
an information system and to explicitly accept the risk to agency operations
(including mission, functions, image, or reputation), agency assets, or
individuals, based on the implementation of an agreed-upon set of security
controls. [NIST-SP800-53:2013] [FIPS-200:2006] [NIST-SP800-37:2004]
Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation. [NIST-SP800-100:2006]
has two
definitions according to circumstances:
·
the
procedure for accepting an IT system for use within a particular environment;
·
the
procedure for recognising both the technical competence and the impartiality of
a test laboratory to carry out its associated tasks.
[ITSEC:1991]
The official authorisation that is granted to an Automatic Data Processing (ADP) system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls. [TCSEC:1985]
The written
formal management decision to approve and authorize an organization to operate
a classified information system (IS) to process, store, transfer, or provide
access to classified information.
http://www.hr.lanl.gov/scourses/9369/76.htm
Officiellement autorisé à prendre en charge un Rôle. Par exemple, une personne accréditée ou un organisme accrédité peut être autorisée à fournir une formation ou à procéder à des Audits. [ITIL:2007]
Temas relacionados