ATT&CK v12 is now live! Check out the updates here

MITIGATIONS

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

Vulnerability Scanning

Application Developer Guidance

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

Interconnection Filtering

Lock Bootloader

Security Updates

System Partition Integrity

Use Recent OS Version

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

Human User Authentication

Limit Access to Resource Over Network

Limit Hardware Installation

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

Vulnerability Scanning

Watchdog Timers

MITIGATIONS

A-C

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Behavior Prevention on Endpoint

Credential Access Protection

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Do Not Mitigate

Encrypt Sensitive Information

Environment Variable Permissions

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

No mitigations

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

Limit Software Installation

M-O

Multi-factor Authentication

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

P-R

Password Policies

Privileged Account Management

Privileged Process Integrity

Remote Data Storage

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Software Configuration

SSL/TLS Inspection

Threat Intelligence Program

Update Software

User Account Control

User Account Management

V-X

Vulnerability Scanning

Y-Z

No mitigations

A-C

Application Developer Guidance

D-F

Deploy Compromised Device Detection Method

Encrypt Network Traffic

Enterprise Policy

G-I

Interconnection Filtering

J-L

Lock Bootloader

M-O

No mitigations

P-R

No mitigations

S-U

Security Updates

System Partition Integrity

Use Recent OS Version

V-X

No mitigations

Y-Z

No mitigations

A-C

Access Management

Account Use Policies

Active Directory Configuration

Antivirus/Antimalware

Application Developer Guidance

Application Isolation and Sandboxing

Authorization Enforcement

Communication Authenticity

D-F

Data Loss Prevention

Disable or Remove Feature or Program

Encrypt Network Traffic

Encrypt Sensitive Information

Execution Prevention

Exploit Protection

Filter Network Traffic

G-I

Human User Authentication

J-L

Limit Access to Resource Over Network

Limit Hardware Installation

M-O

Mechanical Protection Layers

Minimize Wireless Signal Propagation

Mitigation Limited or Not Effective

Multi-factor Authentication

Network Allowlists

Network Intrusion Prevention

Network Segmentation

Operating System Configuration

Operational Information Confidentiality

Out-of-Band Communications Channel

P-R

Password Policies

Privileged Account Management

Redundancy of Service

Restrict File and Directory Permissions

Restrict Library Loading

Restrict Registry Permissions

Restrict Web-Based Content

S-U

Safety Instrumented Systems

Software Configuration

Software Process and Device Authentication

SSL/TLS Inspection

Static Network Configuration

Supply Chain Management

Threat Intelligence Program

Update Software

User Account Management

V-X

Vulnerability Scanning

Watchdog Timers

Y-Z

No mitigations

Do Not Mitigate

This category is to associate techniques that mitigation might increase risk of compromise and therefore mitigation is not recommended.

ID: M1055

Version: 1.0

Created: 19 July 2019

Last Modified: 23 July 2019

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Enterprise	T1480		Execution Guardrails	Execution Guardrails likely should not be mitigated with preventative controls because it may protect unintended targets from being compromised. If targeted, efforts should be focused on preventing adversary tools from running earlier in the chain of activity and on identifying subsequent malicious behavior if compromised.
		.001	Environmental Keying	Environmental Keying likely should not be mitigated with preventative controls because it may protect unintended targets from being compromised. If targeted, efforts should be focused on preventing adversary tools from running earlier in the chain of activity and on identifying subsequent malicious behavior if compromised.