Introduction to AAA
AAA, which is pronounced “triple A” and stands for authentication, authorization, and accounting, is a framework. A framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. The AAA framework is a guide that helps you build the controls needed to access computing resources, enforce policies, and audit usage. AAA plays a very important role in security.
Authentication is about verifying the identity of those who access your systems and data. Therefore, without authentication, you can’t control access to your data, and so you can’t protect confidentiality, integrity, and availability (CIA). Authorization is about controlling what can be done to your systems and data. Therefore, without authorization, you can’t control what can be done with your data, and so you can’t protect CIA. Accounting is about recording everything that is happening to your systems and data. Therefore, without accounting, you can’t keep track of the who, what, where, when, why, and how of your data, and so you can’t protect CIA.
As you can see, without AAA, it is impossible to meet the CIA needs of your organization.