Introduction to IAM
Identity and Access Management (IAM) is the discipline of managing and controlling users' access to systems, applications, and data within an organization.
Core Components
- Identity: Who the user is
- Authentication: Verifying the user (e.g., passwords, MFA)
- Authorization: Granting appropriate access based on role or need
- Monitoring: Logging and auditing access behavior
Why IAM Matters in GRC
IAM helps enforce the principle of least privilege, reduces insider threat exposure, and is often a key control in both SOX and ISO 27001 frameworks. It supports compliance, security, and governance goals.
Common Tools and Practices
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Role-Based Access Control (RBAC)
- Identity Lifecycle Management
- Privileged Access Management (PAM)