Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

ID: M1002
Version: 1.0
Created: 18 October 2019
Last Modified: 18 October 2019

Techniques Addressed by Mitigation

Domain ID Name Use
Mobile T1605 Command-Line Interface

Device attestation can often detect jailbroken or rooted devices.

Mobile T1617 Hooking

Device attestation can often detect rooted devices.

Mobile T1398 Modify OS Kernel or Boot Partition
Mobile T1576 Uninstall Malicious Application

Attestation can detect rooted devices.