#52SECURITYPROTECT
Access Control
Authentication and authorization
Medium
Overview
Control who can access systems and what they can do. SSH keys, MFA, least privilege.
Why It Matters
Only authorized access. SSH key-only, firewall rules, fail2ban.
The Risk
Weak access control means attackers get in easily and move laterally freely. Password breaches compromise systems. Overprivileged users cause accidents. Former employees retain access indefinitely.
Implementation Components
A complete implementation of this capability includes:
- SSH key-only authentication (passwords disabled)
- Multi-factor authentication for privileged access
- Least privilege - minimal permissions by default
- Firewall rules limiting network access
- Regular access reviews and removal of stale accounts
- Fail2ban or similar for brute force protection
Implementation Pattern
- 1Use SSH keys only
- 2Implement MFA
- 3Apply least privilege
- 4Review permissions regularly
Pipeline Coverage
This continuous capability monitors and applies to the following pipeline phases:
DEVELOPSTAGERELEASE
Tool Examples
These are examples, not endorsements. Choose what fits your context.
Dependencies
Enables (unlocks)
Same Layer
Other capabilities in this continuous layer
- •#44 Database Backups
- •#45 System/App Backups
- •#46 Restore Verification
- •#47 Restore Drills
- •#48 Host Hardening
+5 more