The IT Law Wiki


Computer security

Accreditation is

the authorization and approval, granted by a designated authority to a data processing system, computer network, organization, or individual, to process sensitive information or data.[1]
[t]he official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.[2]
[t]he formal certification by a Cognizant Security Authority that a facility, designated area, or information system has met Director of National Intelligence (DNI) security standards for handling, processing, discussing, disseminating or storing Sensitive Compartmented Information.[3]

Critical infrastructure

Accreditation is

[a] program that ensures that Federal (including DHS), State, and local government entities have a clear understanding of, and are monitored in, their handling, use, dissemination and safeguarding of Protected Critical Infrastructure Information (PCII). The PCII accreditation program:
  • Prescribes adequate safeguarding measures and minimum requirements,
  • Ensures that PCII is handled and disseminated in accordance with the CII Act, the Regulation, and this Manual, and
  • Educates and trains PCII users in the proper handling, use, dissemination, and safeguarding of PCII.[4]

Information technology

Accreditation is "a formal authorization by management for the system to process information."[5]

Accreditation is

the official management authorization to operate an AIS or network: (1) in a particular security mode; (2) with a prescribed set of administrative, environmental, and technical security safeguards; (3) against a defined threat and with stated vulnerabilities and countermeasures; (4) in a given operational environment; (5) under a stated operational concept; (6) with stated interconnections to other AISs or networks; and (7) at an acceptable level of risk for which the accrediting authority has formally assumed responsibility.[6]


Accreditation is "approval given to an organization for performing specific functions after it has met defined requirements."[7]

