MITRE ATT&CK®

Summary

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations and is used as a cybersecurity product and service community. This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.

Definitions

Definition	Requirements
MITRE-M1036. Account use policies	130. Limit password lifespan 131. Deny multiple password changing attempts 138. Define lifespan for temporary passwords 141. Force re-authentication 210. Delete information from mobile devices 226. Avoid account lockouts 227. Display access notification 305. Prioritize token usage 027. Allow session lockout
MITRE-M1049. Antivirus/antimalware	118. Inspect attachments 273. Define a fixed security suite 041. Scan files for malicious code
MITRE-M1048. Application isolation and sandboxing	159. Obfuscate code 180. Use mock data
MITRE-M1047. Audit	155. Application free of malicious code 322. Avoid excessive logging
MITRE-M1040. Behavior prevention on endpoint	373. Use certificate pinning
MITRE-M1046. Boot integrity	062. Define standard configurations
MITRE-M1045. Code signing	178. Use digital signatures
MITRE-M1043. Credential access protection	114. Deny access with inactive credentials 122. Validate credential ownership 142. Change system default credentials 375. Remove sensitive data from client-side applications
MITRE-M1057. Data loss prevention	266. Disable insecure functionalities 273. Define a fixed security suite 062. Define standard configurations
MITRE-M1041. Encrypt sensitive information	151. Separate keys for encryption and signatures 185. Encrypt sensitive information 026. Encrypt client-side session information
MITRE-M1039. Environment variable permissions	035. Manage privilege modifications
MITRE-M1038. Execution prevention	344. Avoid dynamic code execution 352. Enable trusted execution
MITRE-M1037. Filter network traffic	115. Filter malicious emails 173. Discard unsafe inputs 258. Filter website content
MITRE-M1035. Limit access to resource over network	167. Close unused resources 320. Avoid client-side control enforcement 330. Verify Subresource Integrity 033. Restrict administrative access
MITRE-M1034. Limit hardware installation	221. Disconnect unnecessary input devices 326. Detect rooted devices 350. Enable memory protection mechanisms
MITRE-M1033. Limit software installation	354. Prevent firmware downgrades
MITRE-M1032. Multi-factor authentication	229. Request access credentials 328. Request MFA for critical systems 362. Assign MFA mechanisms to a single account
MITRE-M1031. Network intrusion prevention	247. Hide SSID on private networks 249. Locate access points 251. Change access point IP 255. Allow access only to the necessary ports 033. Restrict administrative access
MITRE-M1030. Network segmentation	259. Segment the organization network 033. Restrict administrative access
MITRE-M1027. Password policies	126. Set a password regeneration mechanism 127. Store hashed passwords 129. Validate previous passwords 130. Limit password lifespan 131. Deny multiple password changing attempts 133. Passwords with at least 20 characters 136. Force temporary password change 137. Change temporary passwords of third parties 138. Define lifespan for temporary passwords 332. Prevent the use of breached passwords 367. Proper generation of temporary passwords 380. Define a password management tool
MITRE-M1026. Privileged account management	025. Manage concurrent sessions 033. Restrict administrative access 034. Manage user accounts 035. Manage privilege modifications 095. Define users with privileges 096. Set user's required privileges
MITRE-M1025. Privileged process integrity	224. Use secure cryptographic mechanisms 231. Implement a biometric verification component 232. Require equipment identity 265. Restrict access to critical processes 328. Request MFA for critical systems 337. Make critical logic flows thread safe 046. Manage the integrity of critical files
MITRE-M1029. Remote data storage	176. Restrict system objects 213. Allow geographic location 350. Enable memory protection mechanisms 075. Record exceptional events in logs 083. Avoid logging sensitive data 085. Allow session history queries
MITRE-M1022. Restrict file and directory permissions	176. Restrict system objects 280. Restrict service root directory
MITRE-M1021. Restrict web-based content	118. Inspect attachments 175. Protect pages from clickjacking 258. Filter website content 349. Include HTTP security headers 029. Cookies with security attributes
MITRE-M1020. SSL/TLS inspection	336. Disable insecure TLS versions
MITRE-M1051. Update software	302. Declare dependencies explicitly 353. Schedule firmware updates
MITRE-M1018. User account management	025. Manage concurrent sessions 034. Manage user accounts 096. Set user's required privileges
MITRE-M1016. Vulnerability scanning	154. Eliminate backdoors 155. Application free of malicious code 041. Scan files for malicious code 062. Define standard configurations
MITRE-M1015. Active directory configuration	062. Define standard configurations
MITRE-M1013. Application developer guidance	154. Eliminate backdoors 155. Application free of malicious code 156. Source code without sensitive information 157. Use the strict mode 158. Use a secure programming language 159. Obfuscate code 160. Encode system outputs 161. Define secure default options 164. Use optimized structures 167. Close unused resources 168. Initialize variables explicitly 169. Use parameterized queries 171. Remove commented-out code 172. Encrypt connection strings 173. Discard unsafe inputs 175. Protect pages from clickjacking 323. Exclude unverifiable files 337. Make critical logic flows thread safe 344. Avoid dynamic code execution 345. Establish protections against overflows 379. Keep low McCabe cyclomatic complexity
MITRE-M1042. Disable or remove feature or program	266. Disable insecure functionalities 062. Define standard configurations
MITRE-M1028. Operating system configuration	062. Define standard configurations
MITRE-M1056. Pre-compromise	186. Use the principle of least privilege 035. Manage privilege modifications 095. Define users with privileges
MITRE-M1044. Restrict library loading	155. Application free of malicious code 302. Declare dependencies explicitly
MITRE-M1024. Restrict registry permissions	035. Manage privilege modifications 062. Define standard configurations 095. Define users with privileges 096. Set user's required privileges
MITRE-M1054. Software configuration	266. Disable insecure functionalities
MITRE-M1052. User account control	035. Manage privilege modifications 095. Define users with privileges 096. Set user's required privileges

Last updated

2023/09/18