Attestation
Attestation is a security control mechanism that uses cryptographic verification to confirm the integrity, authenticity, and compliance of an entity—such as a device, system, software component, or identity—against a predefined security posture. Unlike basic authentication, which only verifies identity claims, attestation validates the actual properties and conditions of an entity. For instance, a device may attest to its boot sequence integrity, installed security updates, or adherence to organizational policies before receiving network access or elevated permissions.
The attestation process typically involves a secure element or trusted computing base generating a digitally signed statement that can be independently verified by other systems. This mechanism enables organizations to make informed, risk-based access decisions, ensuring only trusted and compliant entities interact with sensitive resources. Attestation serves as a foundational element in Identity & Access Management (IAM) frameworks, helping organizations mitigate risks from compromised endpoints and enforce robust policy-based access control across dynamic enterprise environments.
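The signed-statement flow described above, as an added Go example that is not part of the original page: a stand-in for the device's trusted component signs a claim set, and the relying party checks the signature, then freshness, then policy. The claim names, the JSON encoding, the verifier-issued nonce, the software-held Ed25519 key and all sample values are assumptions made for this illustration; a real attester would keep the key in a secure element or TPM.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Claims is a constructed, hypothetical claim set; real formats (TPM quotes, EAT tokens) differ.
type Claims struct {
	Nonce      string `json:"nonce"`       // verifier challenge, proves freshness
	BootDigest string `json:"boot_digest"` // measurement of the boot chain
	PatchLevel int    `json:"patch_level"` // installed security update level
}

// NewDeviceKey makes a throwaway software key standing in for a hardware-held attestation key.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
}

// Attest plays the device's trusted component: it serializes the claims and signs those bytes.
func Attest(key ed25519.PrivateKey, c Claims) (payload, sig []byte) {
	payload, _ = json.Marshal(c) // cannot fail for this plain struct
	return payload, ed25519.Sign(key, payload)
}

// Verify plays the relying party: signature over the raw bytes first, then freshness, then policy.
func Verify(pub ed25519.PublicKey, payload, sig []byte, nonce, wantDigest string, minPatch int) error {
	if !ed25519.Verify(pub, payload, sig) {
		return fmt.Errorf("signature check failed")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("malformed claims: %w", err)
	}
	if c.Nonce != nonce {
		return fmt.Errorf("stale or replayed statement")
	}
	if c.BootDigest != wantDigest || c.PatchLevel < minPatch {
		return fmt.Errorf("posture does not meet policy")
	}
	return nil
}

func main() {
	pub, priv, _ := NewDeviceKey()
	payload, sig := Attest(priv, Claims{Nonce: "n-1", BootDigest: "sha256:constructed", PatchLevel: 7})
	fmt.Println(Verify(pub, payload, sig, "n-1", "sha256:constructed", 5))
}
```

The access decision follows from the error value: a nil result means the statement is authentic, fresh and compliant, while any other outcome denies or quarantines the entity.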