ATT&CK v13 has been released! Check out the blog post or release notes for more information.

MITIGATIONS

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

Vulnerability Scanning

Application Developer Guidance

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

Interconnection Filtering

Lock Bootloader

Security Updates

System Partition Integrity

Use Recent OS Version

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

Human User Authentication

Limit Access to Resource Over Network

Limit Hardware Installation

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

Validate Program Inputs

Vulnerability Scanning

Watchdog Timers

MITIGATIONS

A-C

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

No mitigations

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

M-O

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

P-R

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

V-X

Vulnerability Scanning

Y-Z

No mitigations

A-C

Application Developer Guidance

D-F

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

G-I

Interconnection Filtering

J-L

Lock Bootloader

M-O

No mitigations

P-R

No mitigations

S-U

Security Updates

System Partition Integrity

Use Recent OS Version

V-X

No mitigations

Y-Z

No mitigations

A-C

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

Human User Authentication

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

M-O

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

P-R

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

V-X

Validate Program Inputs

Vulnerability Scanning

Watchdog Timers

Y-Z

No mitigations

Lock Bootloader

On devices that provide the capability to unlock the bootloader (hence allowing any operating system code to be flashed onto the device), perform periodic checks to ensure that the bootloader is locked.

ID: M1003

Version: 1.0

Created: 25 October 2017

Last Modified: 17 October 2018

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Mobile	T1398		Boot or Logon Initialization Scripts	A locked bootloader could prevent unauthorized modifications to protected operating system files.
Mobile	T1645		Compromise Client Software Binary	A locked bootloader could prevent unauthorized modifications of protected operating system files.
Mobile	T1458		Replication Through Removable Media	Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.