11 July 2019

IT: Authorization (Definitions)

"Access privileges granted to a user, program, or process or the act of granting those privileges." (CNSSI 4009-2015)

"Authorization is defined as a process ensuring that correctly authenticated users can access only those resources for which the owner has given them approval." (Gartner)

"The granting or denying of access rights to a user, program, or process." (NIST SP 800-33)

[authorization to operate:] "The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls." (NIST SP 800-12 Rev. 1)

"The process of initially establishing access privileges of an individual and subsequently verifying the acceptability of a request for access." (NISTIR 4734)

"The process of verifying that a requested action or service is approved for a specific entity." (NIST SP 800-152)

"The right or a permission that is granted to a system entity to access a system resource." (NIST SP 800-82 Rev. 2)





