Identity governance is the framework of policies, processes, and technologies that ensure the right people have the right access to the right systems at the right time, continuously reviewed, certified, and cleaned up when no longer needed.
Access creep is the enemy identity governance addresses. Over time, users accumulate permissions as they change roles. Identity governance platforms automate access reviews, flag anomalies, and enforce policies that prevent privilege accumulation before it becomes a security liability.
CISSP Relevance
Identity governance is central to Domain 5 (Identity and Access Management). CISSP candidates must understand access review processes, role lifecycle management, and how identity governance connects to compliance and audit requirements.
External reference: NIST SP 800-53 Identity Management and Access Control
Related terms: Role-Based Access Control, Privileged Access Management