The Non-Human Identity Governance Standard.
Human IAM governs employees. It does not — and was never designed to — govern the machine estate beneath them. This document defines the primitives, principles, and maturity model for the category that IAM left behind.
We publish this Standard so the industry can stop using the wrong vocabulary. It is offered without licensing requirement. Adopt it, extend it, or rebut it — but do not ignore what it names.
Six claims the category rests on.
Every non-human identity must have an accountable human owner.
Orphaned authority is ungoverned authority. No credential should persist in production without a named individual responsible for its lifecycle.
Certificates are the only governable primitive for machines.
Cryptographically bound to a key pair. Time-limited by a validity window, so an unrotated credential stops working on its own. Programmatically rotatable. Revocable. No other credential class satisfies all four requirements simultaneously. One qualification a practitioner should keep in view: revocation is only as instant as the relying party's check. A revoked certificate keeps authenticating wherever nothing consults the CRL or OCSP responder before accepting it, which is why short lifetimes, not revocation lists, do most of the work in practice.
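As an added illustration of those four properties, the Go program below is example code written for this page; it is not Arkion's implementation and not anything the Standard prescribes. It stands up a throwaway issuing CA, issues a one-hour workload certificate, shows that chain verification fails once the validity window has passed, and revokes the certificate through a CRL that a relying party must fetch, signature-check and consult. The CA name, the workload name, the serial numbers and the lifetimes are made up; only the Go standard library is used (RevocationListEntry needs Go 1.21 or later).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error: on the issuing side, failed key generation or signing is fatal.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is a throwaway issuing authority for this example; its name and lifetimes are made up.
type CA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv))))
}

// NewCA generates a self-signed CA permitted to sign both certificates and CRLs.
func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-workload-ca"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return &CA{Key: key, Cert: sign(tmpl, tmpl, &key.PublicKey, key)}
}

// IssueWorkloadCert binds a fresh key pair to a workload name for ttl; the leaf stops verifying
// at NotAfter on its own. (The workload's private key is dropped; only verification is exercised.)
func (ca *CA) IssueWorkloadCert(serial int64, workload string, ttl time.Duration) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: workload},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return sign(tmpl, ca.Cert, &key.PublicKey, ca.Key)
}

// ValidAt is the relying party's check at time t: chain to the CA and test the validity window.
func (ca *CA) ValidAt(leaf *x509.Certificate, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// RevokeCRL publishes a CA-signed CRL listing one serial.
func (ca *CA) RevokeCRL(serial *big.Int) []byte {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: serial, RevocationTime: now}}}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key))
}

// IsRevoked checks the CRL's signature before trusting it. Revocation is only "instant" for
// relying parties that actually run this check.
func (ca *CA) IsRevoked(crlDER []byte, leaf *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(ca.Cert) // a CRL from any other signer is rejected
	}
	if err != nil {
		return false, err
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ca := NewCA()
	leaf := ca.IssueWorkloadCert(1001, "payments-worker", time.Hour) // made-up workload name
	revoked, err := ca.IsRevoked(ca.RevokeCRL(leaf.SerialNumber), leaf)
	fmt.Println(ca.ValidAt(leaf, time.Now()), ca.ValidAt(leaf, time.Now().Add(2*time.Hour)), revoked, err)
}
```

Run it with go run: the first value printed is true (a fresh leaf chains to the CA), the second is false (the same leaf evaluated two hours later is expired, with nobody having done anything), and the third is true only because IsRevoked fetched the CRL, checked its signature against the CA and compared the serial. The property the Standard calls "instantly revocable" lives in that third check; a relying party that skips it is covered only by the one-hour lifetime.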
Discovery must be read-only.
A platform that writes to the estate in order to inventory it has already violated the trust required to govern it. Governance begins with observation.
Compliance is continuous, not quarterly.
Evidence must be cryptographically attested, continuously produced, and retrievable on demand. Spreadsheets compiled before an audit are not evidence.
Lifecycle authority is a jurisdiction, not a feature.
The right — and the cryptographic means — to provision, rotate, and revoke a non-human identity belongs to one party per identity. Governance names that party and enforces its exclusivity.
Every lifecycle event must be provable.
Signed, timestamped, retained in an immutable ledger. An assertion is not evidence. When the auditor asks, the answer is already waiting.
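The ledger described in claims 5 and 6, as an added example: the code below is written for this page, it is not Arkion's platform code and the Standard does not mandate this layout. The lifecycle authority for an identity holds an Ed25519 key and signs every event it performs; each entry also commits to the hash of the entry before it, so an auditor holding only the public key can replay the chain and find the first edited, removed, reordered or foreign-signed entry. The identity name, the actor name and the field names are invented for the example; only the Go standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Event is one lifecycle transition of one non-human identity. Field names are this example's own.
type Event struct {
	Seq       uint64 `json:"seq"`       // position in the ledger, starting at 0
	Timestamp string `json:"ts"`        // RFC 3339 UTC, set by the ledger, not the caller
	Identity  string `json:"identity"`
	Action    string `json:"action"`    // provision | rotate | revoke
	Actor     string `json:"actor"`     // the lifecycle authority that performed the action
	PrevHash  string `json:"prev_hash"` // hex SHA-256 of the previous entry (all zeros for the first)
}

// Entry is an Event plus an Ed25519 signature over its canonical JSON encoding.
type Entry struct {
	Event     Event  `json:"event"`
	Signature string `json:"sig"`
}

// Ledger holds the signing key of the lifecycle authority and the append-only entries.
type Ledger struct {
	priv    ed25519.PrivateKey
	Entries []Entry
}

const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

func NewLedger(priv ed25519.PrivateKey) *Ledger { return &Ledger{priv: priv} }

// canonical is the byte string that is signed and hashed; json.Marshal of a struct
// emits fields in declaration order, so the encoding is deterministic.
func canonical(e Event) []byte {
	b, err := json.Marshal(e)
	if err != nil {
		panic(err) // cannot happen for this struct
	}
	return b
}

// entryHash covers both the event and its signature, so the next entry commits to both.
func entryHash(en Entry) string {
	sum := sha256.Sum256(append(canonical(en.Event), []byte(en.Signature)...))
	return hex.EncodeToString(sum[:])
}

// Append timestamps, chains and signs a new event. Because Seq and PrevHash are inside
// the signed bytes, an entry cannot later be moved, reordered or re-parented.
func (l *Ledger) Append(identity, action, actor string, at time.Time) Entry {
	prev := genesisHash
	if n := len(l.Entries); n > 0 {
		prev = entryHash(l.Entries[n-1])
	}
	ev := Event{Seq: uint64(len(l.Entries)), Timestamp: at.UTC().Format(time.RFC3339Nano),
		Identity: identity, Action: action, Actor: actor, PrevHash: prev}
	en := Entry{Event: ev, Signature: hex.EncodeToString(ed25519.Sign(l.priv, canonical(ev)))}
	l.Entries = append(l.Entries, en)
	return en
}

// Verify replays the chain with only the public key, as an auditor would. It returns the
// index of the first entry that fails (bad signature, wrong sequence, broken link) or -1.
// What it cannot see: silently dropping entries from the END still verifies, so the latest
// hash must be anchored somewhere the ledger holder does not control.
func Verify(pub ed25519.PublicKey, entries []Entry) int {
	prev := genesisHash
	for i, en := range entries {
		sig, err := hex.DecodeString(en.Signature)
		if err != nil || !ed25519.Verify(pub, canonical(en.Event), sig) {
			return i
		}
		if en.Event.Seq != uint64(i) || en.Event.PrevHash != prev {
			return i
		}
		prev = entryHash(en)
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l := NewLedger(priv)
	l.Append("payments-worker", "provision", "platform-ci", time.Now()) // made-up identity and actor
	l.Append("payments-worker", "rotate", "platform-ci", time.Now())
	tampered := append([]Entry(nil), l.Entries...)
	tampered[0].Event.Actor = "someone-else"
	fmt.Println("intact:", Verify(pub, l.Entries), "tampered:", Verify(pub, tampered)) // -1, then 0
}
```

Two design points worth carrying into a real ledger. The signature is the proof that the named lifecycle authority, and nobody else, performed the action (claim 5); the hash link is what turns a pile of signed records into an ordered, gap-free history (claim 6). The chain alone does not detect a truncated tail, so the current head hash has to be published to, or countersigned by, a party that cannot rewrite the ledger, which is also what makes "the answer is already waiting" true for the auditor rather than for the operator.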
The vocabulary of the category.
Non-Human Identity (NHI)
Any cryptographic principal used by software — agents, service accounts, workload certs, machine tokens, ephemeral credentials — to authenticate, authorize, or establish trust without direct human input.
Any AI bot, automated system, or piece of software acting on your company's behalf. They outnumber your employees 80 to 1.
Governed Estate
The inventory of non-human identities under cryptographic control, continuously scored, lifecycle-bound, and attested.
Every machine and bot in your company that has been counted, owned, monitored, and proven safe — with a paper trail.
Lifecycle Authority
The right and means to provision, rotate, and revoke a non-human identity. A jurisdiction, not a feature.
The single team or system with the power to create, change, and shut down access for any machine or bot.
Silent Expiry
The event of a certificate expiring without notice, alert, or human intervention. Production authority evaporates at the edge of a clock.
When a piece of automated access quietly stops working — and your system breaks at 2am because no one knew it was about to expire.
Orphaned Identity
A non-human identity holding active privilege with no named owner. A rotation policy cannot rotate what it cannot address.
An AI bot or automated account with admin access — and nobody at your company responsible for it. Still working. Still authorized. Still dangerous.
Identity Lifecycle Debt
The accumulated liability of every identity deployed and never governed. Quantifiable. Enterprise-owned. Non-optional.
The pile of forgotten machine accounts that has been growing in your company for years. A real liability that shows up on the next breach report.
Governance Gap
The distance between identity deployment velocity and identity governance coverage.
How fast you're shipping AI agents and automated systems versus how fast you're keeping track of them. The wider this gap, the bigger the risk.
Rogue Identity
A non-human identity operating outside governance — no certificate binding, no rotation schedule, no revocation path.
A machine account running in production that nobody is monitoring — and that you cannot turn off when you need to.
From unaware to attested.
Five positions on the NHIG spectrum, numbered 0 to 4. Every enterprise holds one. Most hold 0 or 1 and do not yet know it.
0. Unaware. The enterprise cannot enumerate its non-human identities. Orphaned authority is uncounted.
1. Inventoried. NHIs have been inventoried through a read-only scan. Ownership is unresolved.
2. Owned. Every identity has a named owner. A rotation policy exists but is not enforced.
3. Enforced. Lifecycle is cryptographically enforced. Rotation is automated. Revocation is instant.
4. Attested. Continuous evidence is produced and retained. Audit is a query, not a project.
The Standard is open. The platform is Arkion.
This document is offered without licensing requirement. Anyone may adopt, extend, or rebut it. Arkion is the reference implementation — the platform that enforces what the Standard defines.
Document: NHIG-STD-v1.0 · Published 2026-04-01 · Arkion · Non-normative draft open for public comment through 2026-Q3