CISSP Domain 5: Identity Lifecycle & PAM Explained

On the CISSP, identity questions come down to two things: timing and least privilege - close the leaver account 1st, and never leave admin power standing. This Domain 5 deep-dive walks the full identity provisioning lifecycle (joiner, mover, leaver), the access reviews that cure privilege creep, and privileged access management end to end. With Emma, Erica, Isabella, and Kai, we cover objectives 5.5 and 5.6 behind 13% of the current exam, and the question-reading habits that turn 1st, BEST, and MOST scenarios into quick, defensible picks.

In this video:

• The provisioning lifecycle: joiner (provision), mover (change), leaver (deprovision)
• Privilege creep: why access piles up across transfers, and how reviews fix it
• Why deprovisioning is the 1st control to verify when a terminated user still has access
• Access reviews and recertification: the revoke-by-default design that shrinks privilege
• Privileged access management: credential vaulting, automatic rotation, and just-in-time elevation
• Securing service accounts and recording privileged sessions for accountability

The next video in the series moves into the access control models that decide who gets what in the 1st place. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.

▶ Watch next: CISSP Domain 7: Digital Forensics & Chain of Custody https://www.youtube.com/watch?v=D4nfDbWj1rg

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi