IAM ACRONYMS REFERENCE
COMPREHENSIVE IDENTITY & ACCESS MANAGEMENT GLOSSARY
> QUICK REFERENCE GUIDE FOR IAM SECURITY PROFESSIONALS
#
2FA – Two-Factor Authentication
Authentication method requiring two different verification factors
A
ABAC – Attribute-Based Access Control
Access control model where permissions are based on attributes (user, resource, environment)
ACL – Access Control List
List of permissions attached to an object specifying which users or system processes can access it
AD – Active Directory
Microsoft’s directory service for Windows domain networks
ADFS – Active Directory Federation Services
Microsoft’s implementation of federated identity and single sign-on
API – Application Programming Interface
Set of protocols and tools for building software applications
Azure AD – Azure Active Directory
Microsoft’s cloud-based identity and access management service
B
B2B – Business-to-Business
IAM solutions for managing partner and business relationships
B2C – Business-to-Consumer
IAM solutions for managing customer identities and access
B2E – Business-to-Employee
IAM solutions focused on employee identity management
BAC – Biometric Access Control
Authentication method using unique biological characteristics
BPM – Business Process Management
Methodology for improving and optimizing business processes
BYOD – Bring Your Own Device
Policy allowing employees to use personal devices for work
C
CA – Certificate Authority
Trusted entity that issues digital certificates
CAPTCHA – Completely Automated Public Turing test to tell Computers and Humans Apart
Challenge-response test to determine whether the user is human
CASB – Cloud Access Security Broker
Security policy enforcement point between cloud service consumers and providers
CCPA – California Consumer Privacy Act
California state law governing consumer data privacy rights
CIAM – Customer Identity and Access Management
IAM solution focused on customer-facing applications
CNAPP – Cloud Native Application Protection Platform
Unified security platform for cloud-native applications
COPPA – Children’s Online Privacy Protection Act
US law protecting the online privacy of children under 13
COTS – Commercial Off-The-Shelf
Pre-built software solutions available for purchase
CSP – Cloud Service Provider
Company that offers cloud-based platform, infrastructure, or software services
CSPM – Cloud Security Posture Management
Tools for identifying and remediating cloud security risks
CWPP – Cloud Workload Protection Platform
Security solution protecting cloud workloads across environments
D
DAC – Discretionary Access Control
Access control where the owner determines who has access
DevSecOps – Development, Security, and Operations
Integration of security practices within DevOps processes
DID – Decentralized Identifier
Blockchain-based identifier enabling self-sovereign identity
DLP – Data Loss Prevention
Strategy and tools to prevent unauthorized data transfer
DN – Distinguished Name
Unique identifier for an entry in a directory service
DPoP – Demonstrating Proof-of-Possession
OAuth extension for binding tokens to cryptographic keys
E
EAM – Enterprise Access Management
Centralized management of user access across enterprise systems
EDR – Endpoint Detection and Response
Security solution for monitoring endpoint and network events
F
FIDO – Fast Identity Online
Open authentication standard for passwordless authentication
FIM – Federated Identity Management
Agreement among multiple enterprises to permit users to use the same credentials
G
GDPR – General Data Protection Regulation
European Union regulation on data protection and privacy
GNAP – Grant Negotiation and Authorization Protocol
Next-generation authorization protocol, successor to OAuth 2.0
GRC – Governance, Risk, and Compliance
Integrated approach to managing organizational governance, risk, and compliance
H
HIPAA – Health Insurance Portability and Accountability Act
US legislation providing data privacy and security for medical information
HOTP – HMAC-based One-Time Password
One-time password algorithm based on the HMAC cryptographic function
I
IAM – Identity and Access Management
Framework of policies and technologies for managing digital identities
ICAM – Identity, Credential, and Access Management
Comprehensive framework for managing identities, credentials, and access
IDaaS – Identity as a Service
Cloud-based identity and access management service
IDM – Identity Management
Management of user identities and their access to resources
IdP – Identity Provider
Service that creates, maintains, and manages identity information
IaC – Infrastructure as Code
Managing infrastructure through machine-readable definition files
IGA – Identity Governance and Administration
Policy-based centralized orchestration of user identity management
ILM – Identity Lifecycle Management
Management of digital identities from creation to deletion
ISO 27001 – Information Security Management
International standard for information security management systems
J
JIT – Just-In-Time
Provisioning strategy where access is granted only when needed
JML – Joiner, Mover, Leaver
Identity lifecycle management framework for employee transitions
JWT – JSON Web Token
Compact, URL-safe means of representing claims between two parties
K
KBA – Knowledge-Based Authentication
Authentication method using information only the user should know
KDC – Key Distribution Center
Service that provides authentication tickets in Kerberos
L
LDAP – Lightweight Directory Access Protocol
Protocol for accessing and maintaining distributed directory information
LoA – Level of Assurance
Degree of confidence in the authentication process
M
MAC – Mandatory Access Control
Access control where policies are set by system administrators
MDM – Mobile Device Management
Software for managing mobile devices in enterprise environments
MFA – Multi-Factor Authentication
Authentication requiring two or more verification factors
mTLS – Mutual TLS
Two-way authentication using TLS certificates for both client and server
N
NHI – Non-Human Identity
Identity for bots, services, API keys, and AI agents rather than users
NIST – National Institute of Standards and Technology
US agency that develops technology standards and cybersecurity frameworks
O
OAuth – Open Authorization
Open standard for access delegation commonly used for token-based authentication
OIDC – OpenID Connect
Identity layer built on top of OAuth 2.0 protocol
OTP – One-Time Password
Password valid for only one login session or transaction
P
PAM – Privileged Access Management
Solutions for managing and monitoring privileged accounts and access
PAR – Pushed Authorization Requests
OAuth extension for enhanced security by pushing authorization requests
PBAC – Policy-Based Access Control
Access control using policies to determine permissions
PCI DSS – Payment Card Industry Data Security Standard
Information security standard for organizations handling credit card data
PII – Personally Identifiable Information
Data that can be used to identify a specific individual
PKCE – Proof Key for Code Exchange
OAuth extension preventing authorization code interception attacks
PKI – Public Key Infrastructure
Framework for creating, managing, and revoking digital certificates
PIM – Privileged Identity Management
Managing elevated access and permissions for privileged accounts
PoLP – Principle of Least Privilege
Security concept of giving users the minimum level of access needed
PSD2 – Payment Services Directive 2
European regulation requiring strong customer authentication for payments
R
RADIUS – Remote Authentication Dial-In User Service
Networking protocol for centralized authentication and authorization
RAR – Rich Authorization Requests
OAuth extension for fine-grained authorization permissions
RBA – Risk-Based Authentication
Authentication method that varies based on risk assessment
RBAC – Role-Based Access Control
Access control where permissions are assigned based on user roles
REST – Representational State Transfer
Architectural style for designing networked applications
S
SAML – Security Assertion Markup Language
XML-based standard for exchanging authentication and authorization data
SCIM – System for Cross-domain Identity Management
Standard for automating the exchange of user identity information
SIEM – Security Information and Event Management
Solution providing real-time analysis of security alerts and log data
SIOP – Self-Issued OpenID Provider
Decentralized authentication where users control their own identity provider
SOC 2 – Service Organization Control 2
Auditing standard for service providers storing customer data
SoD – Segregation of Duties
Principle that no single person should have control over all phases of a critical process
SOX – Sarbanes-Oxley Act
US federal law for financial record-keeping and reporting standards
SPIFFE – Secure Production Identity Framework For Everyone
Framework for establishing trust between software services with identity documents
SPIRE – SPIFFE Runtime Environment
Production-ready implementation of SPIFFE for workload identity
SSI – Self-Sovereign Identity
User-controlled decentralized identity without reliance on centralized providers
SSO – Single Sign-On
Authentication scheme allowing users to log in with a single set of credentials
STS – Security Token Service
Service that issues security tokens as part of federated identity
T
TOTP – Time-Based One-Time Password
Temporary password that is valid for only a short period
TLS – Transport Layer Security
Cryptographic protocol for secure communication over networks
U
U2F – Universal 2nd Factor
Open authentication standard for two-factor authentication using USB devices
UAM – User Access Management
Process of managing user access to systems and data
UBA – User Behavior Analytics
Tracking and analyzing user behavior to detect anomalies
UEBA – User and Entity Behavior Analytics
Advanced analytics examining behavior of users and entities to detect threats
UID – User Identifier
Unique identifier assigned to each user in a system
V
VC – Verifiable Credential
Cryptographic proof of claims about an identity that can be independently verified
VPN – Virtual Private Network
Encrypted connection over the internet from a device to a network
W
WAM – Web Access Management
Controlling access to web-based applications and resources
WebAuthn – Web Authentication
Web standard for secure authentication using public key cryptography
WS-FED – Web Services Federation
Identity federation standard for sharing identity information across security domains
X
XACML – eXtensible Access Control Markup Language
XML-based language for defining access control policies
Z
ZTA – Zero Trust Architecture
Security model that requires strict identity verification
ZTNA – Zero Trust Network Access
Security solution providing secure remote access based on defined access control policies
> REFERENCE COMPLETE | TOTAL ENTRIES: 120+
Last Updated: January 2026 | IAM Gatekeepers