Accreditation refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system. Accreditation is formally defined by Krutz and Vines as:

A formal declaration by a Designated Approving Authority (DAA) where an information system is approved to operate in a particular security mode by using a prescribed set of safeguards at an acceptable level of risk.

References

---

Krutz, Ronald L. and Vines, Russell Dean, The CISSP Prep Guide; Gold Edition, Wiley Publishing, Inc., Indianapolis, Indiana, 2003.