Identity and Access Management (IAM)

Where IAM Fits in NIST CSF:

NIST CSF Function
Category
IAM Relevance

Govern

Governance Policies

Sets expectations for access rights

Identify

Asset & Risk Management

Recognizes which assets require protection

✅ Protect

Identity Management, Authentication, and Access Control (PR.AA)

IAM is centered here

Detect

Anomalies & Monitoring

Detects misuse or suspicious access

Respond

Response Planning

Responds to access violations or breaches

Recover

Recovery Planning

Restores IAM services post-incident

PreviousIncident Response and MonitoringNextPurpose

Last updated