Identity and Access Management (IAM) is the management of Identities throughout the identity management lifecycle.

Identity and Access Management is about managing digital identities through their entire lifecycle, from creation and provisioning to deprovisioning and governance, including authentication, authorization, and auditing. The statement expresses that definition, so the option that names IAM itself is the best fit. Privileged accounts are a subset of identities that IAM may manage; they’re not the lifecycle concept itself. Stateful describes whether a system maintains state across interactions, not identity lifecycle management. Stream-based ciphers are encryption mechanisms, unrelated to identity and access control. In practice, IAM covers provisioning new users, updating attributes, granting the right access, enforcing policies (such as least privilege), and revoking access when roles change or employment ends, with ongoing governance and auditing to ensure compliance. Therefore, identifying IAM as the concept being described is appropriate.