Glossary term
PAM
Also: Privileged Access Management, Privileged Account Management
Software category for governing privileged access: vault, session management, just-in-time permissions, session recording, zero standing privilege. Mandatory stack under NIS2 and DORA for admin access.
Core functions: credential vault (rotating passwords), session proxy with recording, just-in-time provisioning (permissions granted only for a limited time window), zero standing privilege (no permanent admin rights), approval workflows for elevation.
Market leaders: CyberArk, BeyondTrust, Delinea (formerly Thycotic/Centrify), One Identity Safeguard, ARCON. Cloud-native: HashiCorp Vault, AWS IAM Identity Center, Azure PIM, Google Cloud Privileged Access Manager.
Audit cases: BAIT BTO 6 requires separation of standard and admin accounts, documented assignment, regular recertification. NIS2 Art. 21 (i) requires personnel security and access control. DORA Art. 9 requires strict separation.
Related terms
IAM (Identity and Access Management)
The stack of systems that governs who has access to which systems under which conditions. IAM covers…
IGA
Software category for identity governance: lifecycle management, role modelling, access recertificat…
Zero Trust
A security model built on the principle that no user, device or network location is trusted by defau…
Joiner-Mover-Leaver
Standard workflow in identity lifecycle management: onboarding (Joiner), role change incl. permiss…
Passkeys
Phishing-resistant authentication credentials per WebAuthn/FIDO2 that keep private keys on the devic…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
