Privileged Access & Zero Trust Glossary.
Plain-language definitions of every PAM, zero-trust, and identity-security term that turns up in RFPs, audit conversations, and security architecture reviews. Written for practitioners, not marketing.
Core PAM concepts
Privileged access fundamentals.
Privileged Access Management (PAM)
The discipline of brokering, monitoring, and recording access to systems by accounts with elevated privileges. Includes the vault, session brokering, credential rotation, and audit.
Just-in-Time (JIT) access
Granting privileged credentials only for the duration of an approved task and revoking them automatically when the session ends. Eliminates standing privilege.
Credential Vault
Encrypted store for service account passwords, API keys, SSH keys, certificates, and database credentials. Access is brokered, so the credential itself is never exposed to the operator.
Credential rotation
Automatic password or key rotation on a schedule or after every use. Prevents stale credentials from becoming the most-abused secrets.
Session brokering
Initiating and recording every privileged session through a central control plane. The endpoint never sees the credential; the broker handles authentication.
Session recording
Capturing a video recording, keystroke transcript, and event log of every privileged session, stored tamper-evident and immutable for audit and investigation.
Zero Trust concepts
Zero Trust architecture vocabulary.
Zero Trust
Security model where no user, device, or network location is implicitly trusted. Every request is verified, authorized, and recorded.
Microsegmentation
Partitioning the network into small, isolated zones with explicit policies for traffic between them. Reduces lateral-movement blast radius.
Policy enforcement point
The control plane component that decides whether a request is allowed, based on identity, context, and policy.
Identity-based perimeter
The shift from network-perimeter trust to identity-based access decisions. The operator’s identity, role, and context determine what they can do.
Adaptive MFA
MFA challenges that scale with risk: step-up MFA for sensitive commands, not just at login.
UEBA
User and Entity Behavior Analytics. Builds a behavioral baseline per operator and assigns an anomaly score to every session.
AI & agent terms
Vocabulary for the AI-agent era.
MCP (Model Context Protocol)
Open protocol for AI agents to request access to tools, credentials, and resources through a governed broker.
Machine identity
A non-human identity (service account, API client, AI agent) that needs to authenticate and access resources. Increasingly the majority of identities in modern environments.
AI agent token
A scoped, time-bounded credential issued to an AI agent for a specific task. Issued by a vault, never stored in the agent’s prompt or context.
Agentic governance
The policies, approval workflows, and audit trail required when AI agents act on a human’s behalf with privileged access.
Plain-language session insights
AI-generated summaries of privileged sessions, turning thousands of raw events into a 3-line readable summary for fast review.
Adaptive MFA on AI sessions
Risk-based MFA prompts that step up when an AI agent requests a sensitive credential, even if the agent itself does not need MFA.
Compliance terms
Audit & compliance vocabulary.
Tamper-evident logs
Audit logs designed so any modification is detectable. The minimum bar for evidence in regulated environments.
Immutable audit trail
Audit log that cannot be altered after the fact. Stronger than tamper-evident; required in some regulated environments.
Evidence pack
Pre-packaged set of artifacts (session videos, transcripts, logs, control mappings) ready to hand to an auditor for a specific framework.
Control mapping
The document that says “control X in framework Y is satisfied by capability Z.” Auditors expect to see this for every claimed control.
Break-glass access
Emergency-access path that bypasses normal approval workflow but generates a high-priority alert and full forensic trail.
Separation of Duties (SoD)
Policy that prevents a single operator from holding conflicting roles (e.g. trader and clearer). A staple auditor check in financial services.