Continuous Compliance (CC)
Definition
Real-time verification that identity controls remain compliant with policy and regulatory frameworks — replaces periodic point-in-time audits with continuous monitoring. Implemented via ISPM + IGA integration: configuration drift detection, real-time SoD violation alerts, MFA coverage dashboards, dormant account auto-remediation.
- Application
- Tools: Microsoft Defender for Identity, SailPoint Risk Manager, Saviynt ISPM, Drata, Vanta, Secureframe. Generates audit-ready evidence on demand for SOC 2, ISO 27001, HITRUST.
Related terms
- Cloud Data Access Governance
  Discovery, classification, and access control for sensitive data across cloud data stores (S3, Snowflake, BigQuery, Data …
- HITRUST CSF (Common Security Framework) (HITRUST)
  Healthcare-focused certifiable framework consolidating HIPAA, HITECH, NIST, ISO 27001, PCI DSS, GDPR, and 40+ other auth …
- Identity Governance (IG)
  Discipline of policies, processes, and oversight ensuring identities have appropriate access — no more, no less — throug …
- Identity Governance and Administration (IGA)
  Gartner-defined category combining identity governance (policies, access reviews, compliance) with administration (provi …
- Internal Control (IC)
  Process or mechanism implemented by management to provide reasonable assurance regarding effectiveness of operations, re …
- AAL (AAL)
  NIST SP 800-63B Authenticator Assurance Level — measures the robustness of the authentication process. AAL1: single-fact …