Authorization

 Definition(s):

Access privileges granted to a user, program, or process or the act of granting those privileges.

 Source: CNSSI-4009

Audit Trail

 Definition(s):

  1. A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.
  2. A record showing who has accessed an information technology (IT) system and what operations the user has performed during a given period.

 Source: CNSSI-4009

Accreditation

 Definition(s):

Formal declaration by a Designated Accrediting Authority (DAA) or Principal Accrediting Authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. 

Source: CNSSI-4009