Term

accreditation

The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Senses

Sense 1

References

NIST CSRC GlossaryJan 05, 2026
accreditation
https://csrc.nist.gov/glossary/term/accreditation
NIST states most site information is public information and may be distributed or copied, except material marked as copyrighted; attribution requested. Verify per-document markings before quoting.
Source: NIST CSRC Glossary (csrc.nist.gov).

(N)

An administrative action by which a designated authority declares that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. [FP102, SP37] (See: certification.)

Tutorial: An accreditation is usually based on a technical certification of the system's security mechanisms. To accredit a system, the approving authority must determine that any residual risk is an acceptable risk. Although the terms "certification" and "accreditation" are used more in the U.S. DoD and other U.S. Government agencies than in commercial organizations, the concepts apply any place where managers are required to deal with and accept responsibility for security risks. For example, the American Bar Association is developing accreditation criteria for CAs.

References

IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026
RFC 4949 — Internet Security Glossary (Version 2)
https://www.rfc-editor.org/rfc/rfc4949.txt
RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
Source: IETF RFC 4949 (rfc-editor.org).