Interim Approval To Operate (IATO)

(1) A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance. (2) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (3) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (4) Formal declaration by a (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Formal declaration by a Designated Accrediting Authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (. See security safeguards. )The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
[view]

Temporary authorization granted by a designated approving authority for an information technology system to process, store, and transmit information based on preliminary results of security certification of the system.
[view]

A set of rules, part of an access control policy, by which access by security subjects to security objects is granted or denied. An authorization policy may be defined in terms of access control lists, capabilities or attributes assigned to security subjects, security objects or both.
[view]

MAC is a means of restricting access to data based on varying degrees of security requirements for information contained in the objects. A policybased means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (access control privileges) of subjects to access information of such sensitivity. Means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i. e. , clearance, formal access approvals, and needtoknow) of subjects to access information of such sensitivity. (. See discretionary access control. )
[view]

A security procedure under which users are granted only the minimum access authorization they need to perform required tasks. An access control philosophy that states that subjects are granted the minimal access possible for the completion of their work tasks.
[view]