Phase 3
Initial Access
Initial Access is the first credible foothold. That foothold can come from a door, a conversation, a badge, a workstation, or a trusted process that lets the team in without forcing anything.
Purpose
This phase tests the first real barrier between outsider and insider. It shows what actually grants entry: a weak control, a trusting human, an exposed system, or a routine nobody questions.
In Practice
If you can enter a staff area, sit at an unattended device, or plug into a live port without being challenged, the objective of this phase is already proven.