R-003 - Uncontrolled Administrative Access Paths

Risk Description

Administrative access is currently performed from non-dedicated environments with partially controlled access paths.

This increases the risk of:

credential compromise
unauthorized administrative actions
lack of traceability

Asset / Scope

administrative access paths (SSH)
infrastructure systems (VPS, internal services)
administrator workstation

Likelihood

Possible

Access paths are exposed and not fully centralized or controlled.

Impact

Critical

full system compromise possible
loss of control over infrastructure
major integrity and availability impact

Risk Level

Critical

Existing Controls

SSH key authentication
limited access exposure
basic hardening

Treatment Decision

Mitigate

Treatment Strategy

introduce bastion-based access (ADR-003)
restrict direct access paths
enforce MFA progressively

Current Maturity

Established

risk identified
initial access restrictions in place

In Progress

bastion deployment
access path consolidation

Planned / Next Phase

full bastion enforcement
session logging and traceability
stronger authentication controls

Risk Description​

Asset / Scope​

Likelihood​

Impact​

Risk Level​

Existing Controls​

Treatment Decision​

Treatment Strategy​

Current Maturity​

Established​

In Progress​

Planned / Next Phase​