{"description": "ICS techniques mitigated by Disable or Remove Feature or Program, ATT&CK mitigation M0942 (v1.0)", "name": "Disable or Remove Feature or Program (M0942)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0830", "comment": "Disable unnecessary legacy network protocols that may be used for AiTM if applicable.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0807", "comment": "Consider removing or restricting features that are unnecessary to an asset's intended function within the control environment.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0885", "comment": "Ensure that unnecessary ports and services are closed to prevent risk of discovery and potential exploitation.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0816", "comment": "Ensure remote commands that enable device shutdown are disabled if they are not necessary. Examples include DNP3's 0x0D function code or unnecessary device management functions.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0866", "comment": "Ensure that unnecessary ports and services are closed to prevent risk of discovery and potential exploitation.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0822", "comment": "Consider removal of remote services which are not regularly in use, or only enabling them when required (e.g., vendor remote access). Ensure all external remote access point (e.g., jump boxes, VPN concentrator) are configured with least functionality, especially the removal of unnecessary services. (Citation: Department of Homeland Security September 2016)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0847", "comment": "Consider the disabling of features such as AutoRun.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0853", "comment": "Consider removal or disabling of programs and features which may be used to run malicious scripts (e.g., scripting language IDEs, PowerShell, visual studio).\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Disable or Remove Feature or Program", "color": "#66b1ff"}]}