ATT&CK v13 has been released! Check out the blog post or release notes for more information.

MITIGATIONS

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

Vulnerability Scanning

Application Developer Guidance

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

Interconnection Filtering

Lock Bootloader

Security Updates

System Partition Integrity

Use Recent OS Version

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

Human User Authentication

Limit Access to Resource Over Network

Limit Hardware Installation

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

Validate Program Inputs

Vulnerability Scanning

Watchdog Timers

MITIGATIONS

A-C

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

No mitigations

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

M-O

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

P-R

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

V-X

Vulnerability Scanning

Y-Z

No mitigations

A-C

Application Developer Guidance

D-F

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

G-I

Interconnection Filtering

J-L

Lock Bootloader

M-O

No mitigations

P-R

No mitigations

S-U

Security Updates

System Partition Integrity

Use Recent OS Version

V-X

No mitigations

Y-Z

No mitigations

A-C

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

Human User Authentication

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

M-O

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

P-R

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

V-X

Validate Program Inputs

Vulnerability Scanning

Watchdog Timers

Y-Z

No mitigations

Limit Hardware Installation

Block users or groups from installing or using unapproved hardware on systems, including USB devices.

ID: M1034

Version: 1.0

Created: 11 June 2019

Last Modified: 09 June 2020

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Enterprise	T1052		Exfiltration Over Physical Medium	Limit the use of USB devices and removable media within a network.
		.001	Exfiltration over USB	Limit the use of USB devices and removable media within a network.
Enterprise	T1200		Hardware Additions	Block unknown devices and accessories by endpoint security configuration and monitoring agent.
Enterprise	T1091		Replication Through Removable Media	Limit the use of USB devices and removable media within a network.