You can’t do zero trust without Identity and Access Management (IAM). You can’t limit access on a need-to-know basis unless you have a system of systems that can describe all the people, devices, and code, what those things are authorized to connect to and even modify, and a way to enforce the policy. Identity Governance and Administration (IGA) is the internal group of IT, security, and business leaders who define the policy. Privileged Identity Management (PIM) is the system that dynamically manages all the identities. Privileged Access Management (PAM) is the system that enforces the rules created by the IGA against the identities in the PIM.
For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.