The sub-techniques beta is now live! Read the release blog post for more info.


Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

ID: M1002
Version: 1.0
Created: 18 October 2019
Last Modified: 18 October 2019

Techniques Addressed by Mitigation

Domain ID Name Description
Mobile T1398 Modify OS Kernel or Boot Partition