Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

ID: M1002
Version: 1.0
Created: 18 October 2019
Last Modified: 18 October 2019

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|--------|-------|------|-----|
| Mobile | T1605 | Command-Line Interface | Device attestation can often detect jailbroken or rooted devices. |
| Mobile | T1398 | Modify OS Kernel or Boot Partition | |
| Mobile | T1576 | Uninstall Malicious Application | Attestation can detect rooted devices. |