Pre-compromise
This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.
Privileged Account Management
Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.
Password Policies
Set and enforce secure password policies for accounts.
Filter Network Traffic
Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.
User Training
Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.
Disable or Remove Feature or Program
Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.
Encrypt Sensitive Information
Protect sensitive information with strong encryption.
Limit Access to Resource Over Network
Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.
Network Segmentation
Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services...
Network Intrusion Prevention
Use intrusion detection signatures to block traffic at network boundaries.
Software Configuration
Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.
Active Directory Configuration
Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.