CyberArk - Glossary

Common terms and acronyms used within CyberArk.

CyberArk Glossary





Application Access Manager

CyberArk Application Access Manager (AAM) enables organizations to protect critical business systems by eliminating hard-coded credentials from application scripts, configuration files and software code, and removing SSH keys from servers where they are used by applications and scripts. AAM offers agent and agentless deployment options to best meet the security and availability requirements of various business applications. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.


Application Password Management

An Application Password Manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database.


Critical Infrastructure Protection

Critical infrastructure protection (CIP) is a concept that relates to preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.


Central Policy Manager

Central Policy Manager is a integral part of the PAS controlling and managing the Master policy. This password management component can change passwords automatically on remote machines and store the new passwords in the EPV, with no human intervention, according to the organizational policy. It also enables organizations to verify passwords on remote machines, and reconcile them when necessary.


Discovery and Audit

CyberArk Discovery & Audit™ is a patent pending, standalone, easy to use tool that exposes the magnitude of the privileged account security challenge. The solution provides a comprehensive view of an organization’s privileged account environment.


Disaster Recovery Vault

Disaster Recovery is a mode (in addition to a service) in which one or a set of Vault Servers act as a live failover (Replicate) to ensure that your Vault is replicated to a Disaster Recovery Vault regularly, and can take over immediately when the primary Vault Servers stops processes requests suddenly or during an upgrade scenario.


Digital Vault

CyberArk Digital Vault is a system for secure data storage, exchange and/or sharing through a protected central storage facility, containing at least one “Network Vault” to which access is controlled through a single data access channel. The network vault is similar to a physical safe, in that substantially any type of information can be stored in the network vault, and in that the user need only place the information inside the network vault for the information to be secured. Thus, the system of the present invention combines the flexibility of data storage and retrieval through a network, with the security of controlled access for data storage and retrieval at a fixed physical location. The restriction of data access through a single data access channel greatly simplifies the task of protecting access to the data, since only this single channel must be monitored for unauthorized access, rather than monitoring many such channels (or interfaces). Also, the present invention enables data to be exchanged between two users and/or networks which do not trust each other, again by only permitting access to the stored data through the single data access channel, rather than by attempting to filter communication between the two parties. Thus, the present invention is able to provide security without declarations, since the data is moved into the security system, rather than attempting to impose the security system over an existing data access system.


Event Notification Engine

CyberArk Event Notification Engine is a Windows service that alerts predefined users about PAS activities, such as errors, password failures and policy violations. It is installed automatically as part of the Vault server installation as a service.


Endpoint Privilege Manager

CyberArk Endpoint Privilege Manager is a comprehensive solution that enables organizations to block and contain attacks on endpoints and servers to reduce the risk of information being stolen or encrypted and held for ransom. A powerful combination of privilege management and application control reduces the risk of malware infection. Unknown applications can run in a restricted mode to contain threats while maintaining productivity, and behavioral analysis identifies and blocks credential theft attempts. These critical prevention and protection technologies are deployed as a single agent to strengthen your existing endpoint security.

EPVEnterprise Password Vault

CyberArk Enterprise Password Vault, part of PAS, enables organizations to secure, manage and track the use of privileged credentials whether on-premise or in the cloud, across operating systems, databases, applications, hypervisors, network devices and more. CyberArk Enterprise Password Vault is the only product that addresses Privileged Identity Management challenges by combining multiple layers of built-in security, fast time-to-value, ongoing operational efficiency and ease-of-use with the enterprise-grade capabilities needed for successful deployments. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.

EVDExport Vault Data (Utility)

The ExportVaultData utility exports data from the Vault to TXT or CSV files, where they can be imported into third party applications or databases.

HAHigh Availability

The Vault can be installed as a high-availability cluster of servers which provide constant access to the accounts in the Vault. In this implementation, there is always one Server that is on standby in case the other Server in the cluster fails.

HSMHardware Security Module

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plugin card or an external device that attaches directly to a computer or network server.

IAMIdentity and Access Management

Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. The terms "Identity Management"(IdM) and "Identity and Access Management" (or IAM) are used interchangeably in the area of Identity access management, while identity management itself falls under the umbrella of IT Security.

IDMIdentity Management

Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. The terms "Identity Management"(IdM) and "Identity and Access Management" (or IAM) are used interchangeably in the area of Identity access management, while identity management itself falls under the umbrella of IT Security.


Master Policy

The Master Policy offers a centralized overview of the security and compliance policy of privileged accounts in your organization while allowing you to configure compliance driven rules that are defined as the baseline for your enterprise. It is configured out-of-the-box and can be used immediately after implementation, providing an intuitive, simplified user experience and enhanced bottom-line insight for administrators, IT personnel, managers and auditors.


Managed (Secure) Service Provider

CyberArk's PAS offering for MSSP enables Service Providers to provide PAM services to their customers to enrich their security posture with a 'best in breed' solution. This offering is easy to install and deploy, while providing a secure environment for managed privileged accounts. This version was designed specifically for MSSP with cost effective ROI in mind, so that MSSP can leverage the CyberArk platform and scale it to their customers.

OPM(Unix / Linux)

On-Demand Privileges Manager (Linux)


CyberArk On-Demand Privileges Manager™ for Unix/Linux is a unified access control product, allowing organizations to control and monitor the commands super-users can run based on their role and task at hand. The solution replaces siloed SUDO solutions with an enterprise-ready, scalable product with unparalleled security as well as enhanced audit capabilities.

OPM (Windows)

On-Demand Privileges Manager (Windows)

CyberArk On-Demand Privileges Manager™ for Windows empowers end-users to perform tasks that require administrative rights in a controlled and fully audited manner. By defining the necessary policies for business users to perform their daily tasks, IT and security teams can achieve the optimal balance between enabling productivity while limiting privileges for security reasons.

PA Client

PrivateArk Client

The PrivateArk Client is a regular Windows application that is used as the administrative client for PAS. It can be installed on any number of remote computers, and can access the Vault by any combination of LAN, WAN or the Internet.


PrivateArk Command Line Interface

The CyberArk Vault Command Line Interface (PACLI) enables CyberArk Vault users to access and manage the Vault server from any location, in an extremely intuitive command line environment.


PASPrivileged Access Security

CyberArkPAS is based on CyberArk Shared Technology Platform™, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.


Privileged Identity Management

Privileged Identity Management is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise.


Privileged Session Manager

CyberArk Privileged Session Manager is part of PASPSM enables organizations to isolate, monitor, record, and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. The solution acts as a jump server and single access control point. It prevents malware from jumping to a target system and records keystrokes and commands for continuous monitoring. The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations.


Privileged Threat Analytics

CyberArk Privileged Threat Analytics is an expert system for privileged account security intelligence, providing targeted, immediately actionable threat alerts by identifying previously undetectable malicious privileged user and account activity. The solution applies patent pending analytic technology to a rich set of privileged user and account behavior collected from multiple sources across the network. PTA then produces highly accurate and immediately actionable intelligence, allowing incident response teams to respond directly to the attack.


Password Vault Web Access

PVWA is a fully featured web interface that provides a single console for requesting, accessing and managing privileged accounts throughout the enterprise by both end users and administrators with almost no training.


Simple Authentication and Security Layer

Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL


Security Information and Event Management

Security Information and Event Management is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security.


SSH Key Manager

CyberArk SSH Key Manager is designed to securely store, rotate and control access to SSH keys to prevent unauthorized access to privileged accounts. SSH Key Manager leverages the Digital Vault infrastructure to ensure that SSH keys are protected with the highest levels of security, including the encryption of keys at rest and in transit, granular access controls and integrations with strong authentication solutions. Detailed audit logs and reporting capabilities provide visibility into key usage to meet audit and compliance requirements. SSH Key Manager integrates with PAS, enabling organizations to protect all privileged credentials, including SSH keys and passwords, from a single integrated platform that can be built out over time in accordance with business needs.


Shared Technology Platform

CyberArk Shared Technology Platform is the basis for PAS and allows customers to deploy a single infrastructure and expand the solution to meet expanding business requirements. Seamless integration of products built on the platform provides lowest cost of ownership, and consolidated management, policy controls and reporting capabilities. The platform delivers enterprise-class security, scalability, and high availability on a single, integrated solution. Designed to integrate into any IT environment, whether on-premise or in the cloud, the platform is the foundation of PAS.

KeywordsCyberArk, PAM, vault, glossary   Doc ID110936
OwnerPeter V.GroupCybersecurity
Created2021-05-20 15:11:03Updated2021-05-20 15:12:16
SitesOffice of Cybersecurity
Feedback  1   0