Thank you to Tidal Cyber and SOC Prime for becoming ATT&CK's first Benefactors. To join the cohort, or learn more about this program visit our Benefactors page.

Limit Hardware Installation

Block users or groups from installing or using unapproved hardware on systems, including USB devices.

ID: M1034

Version: 1.0

Created: 11 June 2019

Last Modified: 09 June 2020

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Enterprise	T1052		Exfiltration Over Physical Medium	Limit the use of USB devices and removable media within a network.
		.001	Exfiltration over USB	Limit the use of USB devices and removable media within a network.
Enterprise	T1200		Hardware Additions	Block unknown devices and accessories by endpoint security configuration and monitoring agent.
Enterprise	T1091		Replication Through Removable Media	Limit the use of USB devices and removable media within a network.

Limit Hardware Installation

Enterprise Layer

Techniques Addressed by Mitigation