CyberGlossary

Identity & Access

AAA Framework

Also known as: Authentication, Authorization, Accounting, Triple-A

Definition

A foundational access-control model built on three layered functions: Authentication, Authorization and Accounting.

The AAA framework structures access control around three sequential concerns: Authentication verifies who is making the request, Authorization decides what they can do, and Accounting records what they actually did. Originally formalized for network access (dial-up, VPN, Wi-Fi) through protocols such as RADIUS, TACACS+ and Diameter, the model is now applied to cloud APIs, SaaS apps and zero-trust architectures. Separating the three concerns enables centralized identity stores, consistent policy enforcement and uniform audit trails across heterogeneous systems. AAA is often combined with multi-factor authentication, role-based access control and SIEM correlation to provide end-to-end identity governance.

Examples

  • Enterprise Wi-Fi using 802.1X with a RADIUS server providing the three AAA functions.
  • A network device sending TACACS+ accounting records for every CLI command.
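The separation of the three functions, modelled on the per-command accounting case above, as an added example that is not taken from this glossary or from any RADIUS/TACACS+ implementation. The users, roles, policy table and function names are all hypothetical, and the in-memory list stands in for a real accounting server.

```python
import hashlib, hmac, os, time

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed identity store (hypothetical users): one central source for all three functions.
USERS = {"alice": make_user("correct horse", "netadmin"),
         "bob": make_user("battery staple", "operator")}

# Authorization policy: role -> permitted command prefixes (assumed for illustration).
POLICY = {"netadmin": ("show ", "configure ", "reload"),
          "operator": ("show ",)}

AUDIT_LOG = []  # accounting sink; a deployment would forward these records to a SIEM

def authenticate(user, password):
    """Authentication: verify who is making the request."""
    rec = USERS.get(user)
    # Still run the hash for unknown users so timing does not reveal valid names.
    salt = rec["salt"] if rec else b"\x00" * 16
    candidate = _hash(password, salt)
    return rec is not None and hmac.compare_digest(candidate, rec["hash"])

def authorize(user, command):
    """Authorization: decide what the authenticated user may do (default deny)."""
    role = USERS[user]["role"]
    return command.startswith(POLICY.get(role, ()))

def account(user, command, outcome):
    """Accounting: record the attempt, whatever the outcome."""
    AUDIT_LOG.append({"ts": time.time(), "user": user,
                      "cmd": command, "outcome": outcome})

def run_command(user, password, command):
    # The three functions run in sequence; failures and denials are accounted too.
    if not authenticate(user, password):
        account(user, command, "auth_failed")
        return "auth_failed"
    outcome = "permitted" if authorize(user, command) else "denied"
    account(user, command, outcome)
    return outcome
```

Every path through `run_command` writes an accounting record, so failed logins and denied commands appear in the audit trail alongside permitted ones.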

Related terms