Authorization Official. A decision-maker overseeing system certifications, responsible for formal acceptance or denial of risk in compliance packages. The Authorization official must be of a senior official, or rank able to accept the risk of an operational system on behalf of the organization. Within the DoD the AO is the Component head; PAO for MA- managed information systems. The term Authorization Official (AO) supersedes the term Designated Accrediting Authority (DAA) as of 2012, and updated in 2014.
Applicability: Relevant in decision-making, system certifications, and risk acceptance and issues the Authority to Operate, Denial to Operate, Conditional Authority to Operate.
URL: NIST RMF Overview
Chairman of the Joint Chief of Staff Instruction (CJCSI) 8410.02