Glossary

Access Certification Campaign

Access Control Framework

Access Control Policy

Access Creep

Access Deprovisioning

Access Governance

Access Governance Framework

Access Lifecycle Management (ALM)

Access Management

Access Request

Access Tokens

Access Transparency

Account Lockout Policy

Account Takeover (ATO)

Account Takeover Prevention

Active Directory Security

Adaptive MFA

AI Identity Impersonation Risk

AI-Driven Access Decisions

Anomalous Access Detection

API Identity Security

API Key Management

API Security

Application-Level Identity

Asymmetric Encryption

Attack Surface Management

Audit Automation

Audit Compliance

Audit Evidence

Audit Logs

Audit Readiness

Audit Trail

Automated Access Reviews

Automated Deprovisioning

Autonomous Identity Governance

B2B Identity Governance

Bastion Host

Behavioral Analytics

Behavioral Biometrics

Biometric Authentication

Biometric Liveness Detection

Breach Detection

Brute Force Attack

Certificate Authority (CA)

Certificate Lifecycle Management

Certificate-Based Authentication

CI/CD Pipeline Security

Cloud Access Security Broker (CASB)

Cloud Entitlement Sprawl

Cloud Identity

Cloud Identity Governance

Cloud Infrastructure Entitlement Management (CIEM)

Cloud PAM

Cloud Privileged Access Management

Cloud Security Posture Management (CSPM)

Compliance Automation

Compliance Framework

Compliance Management

Compliance Reporting

Conditional Access

Consent Management

Container Identity

Context-Aware Authorization

Continuous Authentication

Continuous Compliance

Continuous Control Monitoring

Continuous Identity Verification

Continuous Monitoring

Continuous Privilege Validation

Continuous Threat Exposure Management (CTEM)

Credential Deception Technology

Credential Exposure

Credential Management

Credential Rotation

Credential Stuffing

Credential Theft

Credential Vaulting

Cross-Border Identity Compliance

Cross-Site Scripting (XSS)

Cross-Tenant Access Risk

Cryptographic Agility

Cryptographic Identity Binding

Customer Identity and Access Management (CIAM)

CVE (Common Vulnerabilities and Exposures)

Cybersecurity Mesh Architecture (CSMA)

Data Breach

Data Classification

Data Governance

Data Loss Prevention (DLP)

Data Privacy

Data Residency

Data Security

Data Security Posture Management (DSPM)

DDoS Protection

Decentralized Identifiers (DIDs)

Decentralized Identity (DID)

Deception Technology

Defense in Depth

Delegated Administration

Deny by Default

Device Authentication

DevSecOps Identity Integration

Digital Certificate

Digital Identity

Digital Identity Verification

Digital Identity Wallet

Digital Signature

Directory Services

DMZ (Demilitarized Zone)

DPDPA Compliance

Dynamic Access Control

Electronic Signature

Encryption Key Management

Endpoint Detection and Response (EDR)

Entitlement Creep

Entitlement Intelligence

Entitlement Management

Entitlement Review

Federated Identity Management

FIDO2 / WebAuthn

GitOps Identity Controls

Governance Automation

Governance Framework

Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC)

Hash Function

HMAC (Hash-Based Message Authentication Code)

Human vs Non-Human Identity

Hybrid Identity

IaC Security Posture

Identity Analytics

Identity Assurance

Identity Assurance Level (IAL)

Identity Attack Path Analysis

Identity Attack Surface

Identity Blast Radius

Identity Choreography

Identity Compliance

Identity Correlation

Identity Data Lineage

Identity Fabric

Identity Fabric Architecture

Identity Federation

Identity Graph

Identity Honeytokens

Identity Intelligence

Identity is the New Perimeter

Identity Proofing

Identity Provider (IdP)

Identity Resilience

Identity Risk Management

Identity Risk Scoring

Identity Security

Identity Segmentation

Identity Sprawl

Identity Threat Detection

Identity Threat Detection and Response (ITDR)

Identity Threat Intelligence

Identity Verification

Identity-Based Access Control

Identity-Centric Security

Implicit Deny

Incident Response

Indicators of Compromise (IOC)

Infrastructure Identity

Insider Threat Detection

Intrusion Prevention System (IPS)

Joiner-Mover-Leaver (JML)

JSON Web Token (JWT)

Jump Server

Just-in-Time (JIT) Access

Just-in-Time Elevation

Kerberos Authentication

Key Management

Know Your Customer (KYC)

Knowledge-Based Authentication (KBA)

Lateral Movement Detection

LDAP (Lightweight Directory Access Protocol)

Least Privilege

Least Privilege Enforcement

Machine-to-Machine Authentication

Managed Identity

Microsegmentation

MITRE ATT&CK Framework

Mutual Authentication

Mutual TLS (mTLS)

Network Detection and Response (NDR)

Network Segmentation

NIST SP 800-63

Non-Human Identity Governance

Non-Repudiation

OAuth 2.0

OAuth 2.0 Security

OAuth App Governance

One-Time Password (OTP)

OpenID Connect (OIDC)

Out-of-Band Authentication

OWASP Top 10

Passkeys

Passkeys and FIDO2

Password Management

Password Policy

Password Spraying

Passwordless Authentication

Patch Management

Peer Group Analytics

Personally Identifiable Information (PII)

Phishing Detection

Phishing-Resistant Authentication

Policy Enforcement

Policy Management

Policy-as-Code

Post-Quantum Cryptography (PQC)

Presentation Attack Detection (PAD)

Privacy-Preserving Authentication

Privilege Creep

Privilege Escalation

Privileged Account

Privileged Cloud Access

Privileged Identity Management (PIM)

Privileged Session Management

Public Key Infrastructure (PKI)

Quantum Computing

Quantum Cryptography

Risk Assessment

Risk Management

Risk-Based Access

Risk-Based Authentication

Role Certification

Role Engineering

Role Governance

Role Management

Role-Based Provisioning

Root Access

Root Privileges

Runtime Access Controls

Runtime Application Self-Protection (RASP)

SaaS Governance

SaaS Identity Sprawl

SaaS Security Posture Management (SSPM)

SAML

SAP GRC Access Control

Secrets Management

Secrets Rotation Automation

Secure Access Service Edge (SASE)

Secure Email Gateway

Security Service Edge (SSE)

Self-Sovereign Identity (SSI)

Separation of Duties

Service Account Governance

Service Provider (SP)

Session Management

Session Recording

Shadow IT

SOC 2 Compliance

Social Engineering

Software-Defined WAN (SD-WAN)

SPIFFE / SPIRE

SQL Injection

SSH Key Management

SSL/TLS Certificate

Step-Up Authentication

Strong Authentication

Supply Chain Identity Risk

Synthetic Identity Fraud

Tenant Isolation

Third-Party Access Management

Third-Party Risk Management (TPRM)

Threat Detection

Threat Detection and Response

Threat Intelligence

Time-Based One-Time Password (TOTP)

Token Management

Transport Layer Security (TLS)

Two-Factor Authentication (2FA)

User Access Audit

User and Entity Behavior Analytics (UEBA)

Vendor Risk Management

Web Application and API Protection (WAAP)

WebAuthn

Workload Identity Federation