MITIGATIONS

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

Vulnerability Scanning

Application Developer Guidance

Application Vetting

Caution with Device Administrator Access

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

Interconnection Filtering

Lock Bootloader

Security Updates

System Partition Integrity

Use Recent OS Version

MITIGATIONS

A-C

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

D-F

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

No mitigations

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

M-O

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

P-R

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

V-X

Vulnerability Scanning

Y-Z

No mitigations

A-C

Application Developer Guidance

Application Vetting

Caution with Device Administrator Access

D-F

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

G-I

Interconnection Filtering

J-L

Lock Bootloader

M-O

No mitigations

P-R

No mitigations

S-U

Security Updates

System Partition Integrity

Use Recent OS Version

V-X

No mitigations

Y-Z

No mitigations

Attestation

Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

ID: M1002

Version: 1.0

Created: 18 October 2019

Last Modified: 18 October 2019

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Mobile	T1398		Modify OS Kernel or Boot Partition
Mobile	T1576		Uninstall Malicious Application	Attestation can detect rooted devices.