Privileged Access Management (PAM)

Also known as: PAM, Privileged identity management

Definition

A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges.

Privileged Access Management protects the "crown jewels" of an organization: domain admins, root accounts, cloud root users, database superusers, network device credentials, and service accounts. A PAM platform typically combines a credential vault (passwords, SSH keys, API tokens), session brokering through a bastion, just-in-time elevation, session recording with keystroke logging, and detailed audit logging. Tight integration with MFA, RBAC, and SIEM/SOAR enables anomaly detection and policy enforcement. PAM is a foundational control in zero-trust roadmaps, in PCI DSS, ISO 27001, and in cyber-insurance underwriting, and it dramatically reduces the blast radius of credential theft and insider misuse.

Examples

  • CyberArk Privileged Access Manager rotating the Windows local administrator password after each session.
  • BeyondTrust providing a recorded SSH bastion to root accounts on Linux production servers.
