The IT Law Wiki


An accrediting authority

[is a] customer official who has the authority to decide on accepting the security safeguards prescribed or who is responsible for issuing an accreditation statement that records the decision to accept those safeguards.[1]
formally accepts security responsibility for the operation of an AIS or network and officially declares that a specified AIS or network will adequately protect intelligence against compromise, destruction, or unauthorized alteration through the continuous employment of safeguards including administrative, procedural, physical, personnel, communications security, emanations security, and computer-based (e.g., hardware, firmware, software) controls.[2]