Accounting (AAA)

Accounting in the AAA model (Authentication, Authorization, Accounting) captures and stores activity records that link every action back to a verified identity, providing the evidence needed for security monitoring, forensic investigation, compliance and chargeback. Typical accounting data includes login and logout events, sessions, commands executed, bytes transferred and resources accessed. Protocols like RADIUS, TACACS+ and Diameter define how network devices send accounting records to centralized servers, while modern stacks aggregate them in SIEM and audit log platforms. Strong accounting requires tamper-resistant storage, accurate time synchronization and retention aligned with legal and regulatory requirements.