Privileged Access Management (PAM) controls, monitors, and audits access by accounts with elevated permissions — system administrators, database administrators, and service accounts that can make sweeping changes. These accounts are the highest-value targets for attackers.
PAM solutions enforce just-in-time access, meaning privileged rights are granted only when needed and revoked immediately after. They record session activity, rotate credentials automatically, and flag anomalous behavior by privileged users.
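As an added illustration (not part of the original entry), the following sketch checks recorded privileged-session activity against just-in-time grant windows and reports actions taken without an active grant. The grant fields, account names, and log format are constructed for this example and do not reflect any particular PAM product.

```python
from datetime import datetime, timedelta

# Constructed sample data: JIT grants issued by a hypothetical PAM broker.
GRANTS = [
    {"account": "dba-alice", "target": "db-prod-01", "start": "2024-05-01T09:00:00", "ttl_min": 30},
    {"account": "svc-backup", "target": "fs-prod-02", "start": "2024-05-01T01:00:00", "ttl_min": 60},
]

# Constructed session audit lines: "timestamp account target action"
AUDIT_LOG = """\
2024-05-01T01:10:00 svc-backup fs-prod-02 snapshot-create
2024-05-01T09:05:00 dba-alice db-prod-01 alter-table
2024-05-01T09:45:00 dba-alice db-prod-01 drop-index
2024-05-01T10:00:00 dba-alice db-prod-02 select-all
2024-05-01T03:30:00 svc-backup fs-prod-02 delete-volume
"""

def parse_grants(grants):
    """Turn each grant into (account, target, start, end); end = start + TTL."""
    windows = []
    for g in grants:
        start = datetime.fromisoformat(g["start"])
        end = start + timedelta(minutes=g["ttl_min"])
        windows.append((g["account"], g["target"], start, end))
    return windows

def classify(event_time, account, target, windows):
    """Return 'ok', or the reason the event falls outside just-in-time access."""
    same_pair = [w for w in windows if w[0] == account and w[1] == target]
    if not same_pair:
        # Least privilege: a grant for one system never covers another.
        return "no-grant-for-target"
    if any(start <= event_time < end for _, _, start, end in same_pair):
        return "ok"
    # Rights are revoked at expiry, so the end of the window is exclusive.
    expired = all(event_time >= end for _, _, _, end in same_pair)
    return "after-expiry" if expired else "before-grant"

def find_violations(log_text, grants):
    """Scan audit lines and collect every action without an active grant."""
    windows = parse_grants(grants)
    findings = []
    for line in log_text.splitlines():
        ts, account, target, action = line.split()
        verdict = classify(datetime.fromisoformat(ts), account, target, windows)
        if verdict != "ok":
            findings.append((ts, account, target, action, verdict))
    return findings

if __name__ == "__main__":
    for finding in find_violations(AUDIT_LOG, GRANTS):
        print(*finding)
```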
CISSP Relevance
PAM falls squarely within Domain 5 (Identity and Access Management). CISSP candidates must understand how privileged account controls reduce lateral movement risk and support the principle of least privilege at the highest levels of system access.
External reference: NIST SP 800-53 Rev 5 Account Management Controls
Related terms: Least Privilege, Role-Based Access Control