JIT access grants elevated privileges only when needed, for a limited time, with full audit logging — eliminating permanently privileged accounts that are constant targets.
Zero Standing Privilege (ZSP) = never have permanent admin access. JIT: request → approve → grant → auto-revoke. Dramatically reduces blast radius of compromised admin accounts. PAM platforms (CyberArk, BeyondTrust) implement JIT.