Principal Accrediting Authority (C.F.D.) (PAA)

Principal Accrediting Authority (C.F.D.) (PAA) definition in Computer Security terms:

Acronym(s): PAA

Definition(s): Senior official with authority and responsibility for all intelligence systems within an agency.
Rationale: PAA was used in both the IC and the DoD, but with the publication of ICD 503, the IC no longer uses the term PAA. Within the DoD, the transition to the RMF changed the term to principal authorizing official (PAO). See principal authorizing official (PAO).
Source(s): CNSSI 4009-2015

Synonym(s): Principal Authorizing Official
A senior (federal) official or executive with the authority to oversee and establish guidance for the strategic implementation of cybersecurity and risk management within their mission areas (i.e., the warfighting mission area (WMA), business mission area (BMA), enterprise information environment mission area (EIEMA), and DoD portion of the intelligence mission area (DIMA) as defined in DoDI 8115.02).
Source(s): CNSSI 4009-2015


reference: CSRC Glossary