{"description": "ICS techniques mitigated by Software Process and Device Authentication, ATT&CK mitigation M0813 (v1.1)", "name": "Software Process and Device Authentication (M0813)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0800", "comment": "Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0830", "comment": "To protect against AiTM, authentication mechanisms should not send credentials across the network in plaintext and should also implement mechanisms to prevent replay attacks (such as nonces or timestamps). Challenge-response based authentication techniques that do not directly send credentials over the network provide better protection from AiTM.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0806", "comment": "Devices should authenticate all messages between master and outstation assets.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0858", "comment": "Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0868", "comment": "Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0816", "comment": "Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0838", "comment": "Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0839", "comment": "Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0861", "comment": "Devices should authenticate all messages between master and outstation assets.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0843", "comment": "Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0845", "comment": "Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0886", "comment": "All communication sessions to remote services should be authenticated to prevent unauthorized access.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0848", "comment": "Devices should authenticate all messages between master and outstation assets.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0856", "comment": "Devices should authenticate all messages between master and outstation assets.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0857", "comment": "Authenticate connections fromsoftware and devices to prevent unauthorized systems from accessing protected management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0855", "comment": "Devices should authenticate all messages between master and outstation assets.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0860", "comment": "Ensure wireless networks require the authentication of all devices, and that all wireless devices also authenticate network infrastructure devices (i.e., mutual authentication). For defense-in-depth purposes, utilize VPNs or ensure that application-layer protocols also authenticate the system or device. Use protocols that provide strong authentication (e.g., IEEE 802.1X), and enforce basic protections, such as MAC filtering, when stronger cryptographic techniques are not available.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Software Process and Device Authentication", "color": "#66b1ff"}]}