What is IAM (identity and access management)?
Managing who can access what, and under what conditions — the NIST definition.
What it means
Per NIST, identity and access management (IAM) "broadly refers to the administration of individual identities within a system... In enterprise IT, identity management is about establishing and managing the roles and access privileges of individual network users."
IAM is foundational to security and compliance: it covers how users prove who they are (authentication) and what they're allowed to do (authorization). It appears across cloud, security, and systems-administration roles.
Definitional only.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary — identity and access management: https://csrc.nist.gov/glossary/term/identity_and_access_management
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | NIST CSRC glossary — identity and access management | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary — identity and access management |