Term · 7. Security & Standards

Confidentiality

IDM/IGA Domain

Standards GDPR HIPAA PCI DSS Introduced by: Big4 (Deloitte / PwC / EY / KPMG)

Definition

Security principle ensuring data is accessible only to authorized identities. One of the CIA triad (Confidentiality, Integrity, Availability). For identity systems: protecting credentials, authentication factors, user attributes, audit logs from unauthorized disclosure. Required by GDPR, HIPAA, PCI DSS, ISO 27001.

Application: MidPoint: Confidentiality is a property of communication channel or data, ensuring that they are available only to intended actors.

Related terms

HITRUST CSF (Common Security Framework) (HITRUST)

Healthcare-focused certifiable framework consolidating HIPAA, HITECH, NIST, ISO 27001, PCI DSS, GDPR, and 40+ other auth …
Multi-factor Authentication (MFA)

Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
Audit

Independent examination of identity controls, processes, and records to verify compliance with policy and regulatory req …
CCPA / CPRA (California Consumer Privacy Act / Privacy Rights Act) (CCPA)

California state privacy law (CCPA 2018, expanded by CPRA 2020 effective 2023) granting California residents rights over …
Compliance

Adherence to applicable laws, regulations, standards, and internal policies governing identity and access management. Co …
Connector (Conn)

Integration component between IDM/IGA platform and a target system — enables provisioning, deprovisioning, reconciliatio …

← Back to glossary · Open in main list