The framework of policies and technology that manages digital identities and controls their access to resources.
Identity and Access Management governs the full lifecycle of a digital identity: creating accounts, assigning the right access, adjusting it as roles change, and removing it promptly when someone leaves. It enforces who can access what, and under which conditions.
Strong IAM underpins least privilege and access control, and it is where capabilities such as single sign-on and multi-factor authentication are typically managed.
Related frameworks
KaitoSec